Vulnerability in Sveltejs Kit
CVE-2026-40074
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in…
EPSS: 0.001 (18.1th percentile)
Affected products
- Sveltejs Kit — versions < 2.57.1
Weakness classification (CWE)
References
- https://github.com/sveltejs/kit/security/advisories/GHSA-3f6h-2hrp-w5wx (x_refsource_CONFIRM)
- https://github.com/sveltejs/kit/commit/10d7b44425c3d9da642eecce373d0c6ef83b4fcd (x_refsource_MISC)
- https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.57.1 (x_refsource_MISC)