Security Advisory

CVE-2026-27971

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-03 22:55:38

Last updated 2026-03-04 16:05:45

Assigner GitHub_M

State PUBLISHED

Description

Qwik is a performance focused javascript framework. qwik <=1.19.0 is vulnerable to RCE due to an unsafe deserialization vulnerability in the server$ RPC mechanism that allows any unauthenticated user to execute arbitrary code on the server with a single HTTP request. Affects any deployment where require() is available at runtime. This vulnerability is fixed in 1.19.1.

← Browse all CVEs View on cve.org ↗