Vulnerabilities ›

CVE-2026-40073

High

CWE-770 — Weakness Type

                    Published: Apr 10, 2026                      ·  Modified: Apr 17, 2026                      ·  Source: NVD                

CVSS v3

7.5

🔗 NVD Official

📄 Description (English)

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers of the application stack, so limits enforced in the WAF, gateway, or at the platform level are unaffected. This vulnerability is fixed in 2.57.1.

🤖 AI Executive Summary

SvelteKit versions before 2.57.1 contain a vulnerability allowing requests to bypass BODY_SIZE_LIMIT restrictions in adapter-node deployments. This could enable denial-of-service attacks or resource exhaustion on affected applications.

📄 Description (Arabic)

تسمح هذه الثغرة في SvelteKit بتجاوز حدود حجم الجسم المعرفة في adapter-node تحت ظروف معينة. الثغرة محدودة بـ adapter-node ولا تؤثر على حدود حجم الجسم في طبقات أخرى من مكدس التطبيق. تم إصلاح هذه الثغرة في الإصدار 2.57.1.

🤖 ملخص تنفيذي (AI)

إصدارات SvelteKit السابقة للإصدار 2.57.1 تحتوي على ثغرة تسمح بتجاوز قيود BODY_SIZE_LIMIT في نشرات adapter-node. قد يؤدي هذا إلى هجمات حرمان الخدمة أو استنزاف الموارد على التطبيقات المتأثرة.

🤖 AI Intelligence Analysis Analyzed: May 2, 2026 23:16

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

banking telecom government healthcare

🎯 MITRE ATT&CK Techniques

T1499.004 T1567.002

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Upgrade SvelteKit to version 2.57.1 or later immediately. Implement additional request size validation at WAF, gateway, or platform level as defense-in-depth measure. Monitor application logs for unusually large requests.

🔧 خطوات المعالجة (العربية)

قم بترقية SvelteKit إلى الإصدار 2.57.1 أو أحدث فوراً. قم بتطبيق التحقق الإضافي من حجم الطلب على مستوى WAF أو البوابة أو المنصة كإجراء دفاع متعدد الطبقات. راقب سجلات التطبيق للطلبات الكبيرة بشكل غير عادي.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC-3.1 ECC-3.2

🔵 SAMA CSF

CC-6.1 CC-6.2

🟡 ISO 27001:2022

A.14.2.1 A.14.2.5

🔗 References & Sources 3

🔗

https://github.com/sveltejs/kit/commit/3202ed6c98f9e8d86bf0c4c7ad0f2e273e5e3b95

security-advisories@github.com

Patch

🔗

https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.57.1

security-advisories@github.com

Product Release Notes

🔗

https://github.com/sveltejs/kit/security/advisories/GHSA-2crg-3p73-43xp

security-advisories@github.com

Vendor Advisory

📦 Affected Products / CPE 1 entries

svelte:kit

📊 CVSS Score

7.5

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.5

CWECWE-770

EPSS0.08%

Exploit No

Patch ✓ Yes

Published 2026-04-10

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

patch-available CWE-770

🏢 Vendor Advisories

🔗 https://github.com/sveltejs/kit/security/advisories/...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-40073

💬 Comments

Introduce Yourself

Sign In Required