CVE-2026-32701

Qwik is a performance-focused JavaScript framework. Versions prior to 1.19.2 improperly inferred arrays from dotted form field names during FormData parsing. By submitting mixed array-index and object-property keys for the same path, an attacker could cause user-controlled properties to be writte...

Qwik City has array method pollution in FormData processing allows type confusion and DoS

Summary Qwik City improperly inferred arrays from dotted form field names during FormData parsing. By submitting mixed array-index and object-property keys for the same path, an attacker could cause user-controlled properties to be written onto values that application code expected to be arrays...

EUVD-2026-13639

Qwik City has array method pollution in FormData processing allows type confusion and DoS...

Qwik 安全漏洞

Qwik is a micro-web framework developed by Qwik Dev. Versions of Qwik prior to 1.19.2 contained security vulnerabilities. These vulnerabilities stemmed from improper array inference during FormData parsing from dot-separated form field names, which could lead to request processing failures,...