216.73.217.50

CVE-2026-40073

· Published 10/04/2026 17:17 · Modified 10/04/2026 17:17

Labels: CVE-2026-40073 2026-04-10CVE-2026-40073CWE-770[email protected]

Essential information

Published
10/04/2026 17:17
Modified
10/04/2026 17:17
Author
Creator
CVSS
8.2 HIGH (v3) 8.2 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers of the application stack, so limits enforced in the WAF, gateway, or at the platform level are unaffected. This vulnerability is fixed in 2.57.1.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
svelte / sveltekit cpe:2.3:a:svelte:sveltekit:<2.57.1:*:*:*:*:*:*:*

References