{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T12:08:27.143","vulnerabilities":[{"cve":{"id":"CVE-2026-25151","sourceIdentifier":"security-advisories@github.com","published":"2026-02-03T22:16:30.840","lastModified":"2026-02-10T20:08:58.790","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Qwik is a performance focused javascript framework. Prior to version 1.19.0, Qwik City’s server-side request handler inconsistently interprets HTTP request headers, which can be abused by a remote attacker to circumvent form submission CSRF protections using specially crafted or multi-valued Content-Type headers. This issue has been patched in version 1.19.0."},{"lang":"es","value":"Qwik es un framework de JavaScript enfocado en el rendimiento. Antes de la versión 1.19.0, el manejador de solicitudes del lado del servidor de Qwik City interpreta de forma inconsistente los encabezados de solicitud HTTP, lo que puede ser explotado por un atacante remoto para eludir las protecciones CSRF de envío de formularios utilizando encabezados Content-Type especialmente diseñados o con múltiples valores. Este problema ha sido parcheado en la versión 1.19.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:qwik:qwik:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.19.0","matchCriteriaId":"8A329D09-A8EB-4297-8BD9-4E862179FE54"}]}]}],"references":[{"url":"https://github.com/QwikDev/qwik/commit/eebf610e04cc3a690f11e10191d09ff0fca1c7ed","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/QwikDev/qwik/security/advisories/GHSA-r666-8gjf-4v5f","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}