8 matches found
CVE-2026-27118 Cache poisoning in @sveltejs/adapter-vercel
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Versions of @sveltejs/adapter-vercel prior to 6.3.2 are vulnerable to cache poisoning. An internal query parameter intended for Incremental Static Regeneration ISR is accessible on all routes, allowi...
CVE-2026-27118
CVE-2026-27118 affects the SvelteKit adapter for Vercel: versions prior to 6.3.2 are vulnerable to cache poisoning due to an internal ISR query parameter that is exposed on all routes. An attacker can trigger caching of sensitive user-specific responses to other users if a victim visits a crafted...
CVE-2026-27118
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Versions of @sveltejs/adapter-vercel prior to 6.3.2 are vulnerable to cache poisoning. An internal query parameter intended for Incremental Static Regeneration ISR is accessible on all routes, allowi...
CVE-2026-27118 Cache poisoning in @sveltejs/adapter-vercel
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Versions of @sveltejs/adapter-vercel prior to 6.3.2 are vulnerable to cache poisoning. An internal query parameter intended for Incremental Static Regeneration ISR is accessible on all routes, allowi...
CVE-2026-27118 Cache poisoning in @sveltejs/adapter-vercel
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Versions of @sveltejs/adapter-vercel prior to 6.3.2 are vulnerable to cache poisoning. An internal query parameter intended for Incremental Static Regeneration ISR is accessible on all routes, allowi...
Origin Validation Error
Overview @sveltejs/adapter-vercel is an A SvelteKit adapter that creates a Vercel app Affected versions of this package are vulnerable to Origin Validation Error via the pathname query parameter. An attacker can cause sensitive user-specific responses to be cached and subsequently served to other...
@alexaegis/svelte-config (>=0.5.7 <=0.14.1), @good-energy/elements (=0.0.1) +23 more potentially affected by CVE-2026-27118 via @sveltejs/adapter-vercel (>=1.0.0-next.31 <=5.10.3)
@sveltejs/adapter-vercel NPM version =1.0.0-next.31, =0.5.7, =0.0.32, =1.0.3, =1.0.0, =1.0.4, =0.12.3, =1.0.0, =0.0.1-beta.153, =1.0.0-next.1, =1.0.0-next.0, =2.1.1, =2.4.44 and more Source cves: CVE-2026-27118 Source advisory: OSV:GHSA-9PQ4-5HCF-288C...
PT-2026-20872
Versions of @sveltejs/adapter-vercel prior to 6.3.2 are vulnerable to cache poisoning. An internal query parameter intended for Incremental Static Regeneration ISR is accessible on all routes, allowing an attacker to cause sensitive user-specific responses to be cached and served to other users...