Security Advisory

CVE-2026-25151

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-03 21:12:25

Last updated 2026-02-04 16:59:15

Assigner GitHub_M

State PUBLISHED

Description

Qwik is a performance focused javascript framework. Prior to version 1.19.0, Qwik City’s server-side request handler inconsistently interprets HTTP request headers, which can be abused by a remote attacker to circumvent form submission CSRF protections using specially crafted or multi-valued Content-Type headers. This issue has been patched in version 1.19.0.

← Browse all CVEs View on cve.org ↗