9 matches found
CLSA-2026-1777054556 squid: Fix of 2 CVEs
CVE-2022-41317: fix exposure of sensitive cache manager information via non-HTTP URI schemes due to typo in default manager ACL regex - CVE-2023-49288: fix use-after-free in StoreEntry::startWriting reachable via oversized replies with collapsedforwarding enabled...
CVE-2026-25155
Qwik is a performance-focused JavaScript framework. Prior to version 1.12.0, a typo in the regular expression within isContentType causes incorrect parsing of certain Content-Type headers. This issue has been patched in version 1.12.0...
Cross-site Request Forgery (CSRF)
Overview: @builder.io/qwik-city is the meta-framework for Qwik. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to a typo in the regular expression within the isContentType function. An attacker can bypass cross-site request forgery protections by crafting...
EUVD-2026-5168
Qwik is a performance-focused JavaScript framework. Prior to version 1.12.0, a typo in the regular expression within isContentType causes incorrect parsing of certain Content-Type headers. This issue has been patched in version 1.12.0...
CVE-2026-25155
Qwik is a performance-focused JavaScript framework. Prior to version 1.12.0, a typo in the regular expression within isContentType causes incorrect parsing of certain Content-Type headers. This issue has been patched in version 1.12.0...
Qwik City CSRF protection middleware does not work properly for content type header with parameters (eg. multipart/form-data)
Summary: A typo in the regular expression within isContentType causes incorrect parsing of certain Content-Type headers. Impact: An attacker can bypass Qwik City’s Origin-based CSRF protections and perform forged form submissions, potentially causing unauthorized state changes...
GHSA-VM6G-8R4H-22X8 Qwik City CSRF protection middleware does not work properly for content type header with parameters (eg. multipart/form-data)
Summary: A typo in the regular expression within isContentType causes incorrect parsing of certain Content-Type headers. Impact: An attacker can bypass Qwik City’s Origin-based CSRF protections and perform forged form submissions, potentially causing unauthorized state changes...
PT-2026-6487
Summary: A typo in the regular expression within isContentType causes incorrect parsing of certain Content-Type headers. Impact: An attacker can bypass Qwik City’s Origin-based CSRF protections and perform forged form submissions, potentially causing unauthorized state changes...
PT-2026-6277
Name of the Vulnerable Software and Affected Versions: Qwik versions prior to 1.12.0. Description: Qwik is a JavaScript framework. A regular expression typo within the isContentType function causes incorrect parsing of certain Content-Type headers. Recommendations: Update to version 1.12.0 or later...