QwikSec

Security Database

CVE

CWE

Training

CVE-2026-40073

Published: Apr 10, 2026

Modified: Apr 13, 2026

PUBLISHED

Description

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers of the application stack, so limits enforced in the WAF, gateway, or at the platform level are unaffected. This vulnerability is fixed in 2.57.1.

Vendor	Product	Versions
sveltejs	kit	affected `< 2.57.1`

Weaknesses (CWE)

References

https://github.com/sveltejs/kit/security/advisories/GHSA-2crg-3p73-43xp

x_refsource_CONFIRM

https://github.com/sveltejs/kit/commit/3202ed6c98f9e8d86bf0c4c7ad0f2e273e5e3b95

x_refsource_MISC

https://github.com/sveltejs/kit/releases/tag/@sveltejs/[email protected]

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.