anonhaven
Ad

CVE-2026-25155

MEDIUM CVSS 3.1: 5.9 EPSS 0.01%
Updated Feb 04, 2026
Qwik
Parameter Value
CVSS 5.9 (MEDIUM)
Fixed In 1.12.0
Type CWE-352 (Cross-Site Request Forgery (CSRF))
Vendor Qwik
Public PoC No

Qwik is a performance focused javascript framework. Prior to version 1.12.0, a typo in the regular expression within isContentType causes incorrect parsing of certain Content-Type headers. This issue has been patched in version 1.12.0.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
High
Difficult to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
Low
Partial data leak
Integrity
High
Complete data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-352 Cross-Site Request Forgery (CSRF)

References 2

https://github.com/QwikDev/qwik/commit/d70d7099b90b998f1aac7cedc21c67d87bac4c75
security-advisories@github.com
https://github.com/QwikDev/qwik/security/advisories/GHSA-vm6g-8r4h-22x8
security-advisories@github.com
Share Post Share Share Share