{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T01:28:24.479","vulnerabilities":[{"cve":{"id":"CVE-2026-22803","sourceIdentifier":"security-advisories@github.com","published":"2026-01-15T19:16:06.120","lastModified":"2026-01-21T20:34:46.277","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing a representation of submitted form data. A specially-crafted payload can cause the server to allocate a large amount of memory, causing DoS via memory exhaustion. This vulnerability is fixed in 2.49.5."},{"lang":"es","value":"SvelteKit es un framework para desarrollar rápidamente aplicaciones web robustas y de alto rendimiento utilizando Svelte. Desde la versión 2.49.0 hasta la 2.49.4, la función remota experimental de formularios utiliza un formato de datos binarios que contiene una representación de los datos de formulario enviados. Una carga útil especialmente diseñada puede hacer que el servidor asigne una gran cantidad de memoria, causando DoS por agotamiento de memoria. Esta vulnerabilidad está corregida en la versión 2.49.5."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-789"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:svelte:kit:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.49.0","versionEndExcluding":"2.49.5","matchCriteriaId":"B5934633-0268-4EE3-9659-8C502C327D41"}]}]}],"references":[{"url":"https://github.com/sveltejs/kit/commit/8ed8155215b9a74012fecffb942ad9a793b274e5","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/sveltejs/kit/releases/tag/@sveltejs%2Fadapter-node@5.5.1","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/sveltejs/kit/security/advisories/GHSA-j2f3-wq62-6q46","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}