CVE-2026-40073

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H                                    

Vulnerability Description

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers of the application stack, so limits enforced in the WAF, gateway, or at the platform level are unaffected. This vulnerability is fixed in 2.57.1.

Vulnerability Details

Published Date

April 10, 2026

Last Modified

April 15, 2026

CWE ID

CWE-770

Source

NVD

Vendor

sveltejs

Product

kit

External References

https://github.com/sveltejs/kit/commit/3202ed6c98f9e8d86bf0c4c7ad0f2e273e5e3b95
https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.57.1
https://github.com/sveltejs/kit/security/advisories/GHSA-2crg-3p73-43xp

CVE-2026-40073

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment