QwikSec

Security Database

CVE

CWE

Training

CVE-2026-22803

Published: Jan 15, 2026

Modified: Jan 15, 2026

PUBLISHED

Description

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing a representation of submitted form data. A specially-crafted payload can cause the server to allocate a large amount of memory, causing DoS via memory exhaustion. This vulnerability is fixed in 2.49.5.

Vendor	Product	Versions
sveltejs	kit	affected `>= 2.49.0, < 2.49.5`

Weaknesses (CWE)

References

https://github.com/sveltejs/kit/security/advisories/GHSA-j2f3-wq62-6q46

x_refsource_CONFIRM

https://github.com/sveltejs/kit/commit/8ed8155215b9a74012fecffb942ad9a793b274e5

x_refsource_MISC

https://github.com/sveltejs/kit/releases/tag/@sveltejs%[email protected]

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.