Description

Qwik is a performance focused javascript framework. Prior to version 1.19.0, an Open Redirect vulnerability in Qwik City's default request handler middleware allows a remote attacker to redirect users to arbitrary protocol-relative URLs. Successful exploitation permits attackers to craft convincing phishing links that appear to originate from the trusted domain but redirect the victim to an attacker-controlled site. This issue has been patched in version 1.19.0.

INFO

Published Date :

2026-02-03T21:11:55.902Z

Last Modified :

2026-02-04T19:59:30.294Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-25149 vulnerability.

Vendors Products
Qwik
  • Qwik
Qwikdev
  • Qwik
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-25149.

URL Resource
https://github.com/QwikDev/qwik/commit/9959eab30a3ad9cc03689eaa080fcfbc33df71ed cve-icon cve-icon
https://github.com/QwikDev/qwik/security/advisories/GHSA-92j7-wgmg-f32m cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact