Description

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers of the application stack, so limits enforced in the WAF, gateway, or at the platform level are unaffected. This vulnerability is fixed in 2.57.1.

INFO

Published Date :

2026-04-10T16:24:39.987Z

Last Modified :

2026-04-10T16:24:39.987Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-40073 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-40073.

URL Resource
https://github.com/sveltejs/kit/commit/3202ed6c98f9e8d86bf0c4c7ad0f2e273e5e3b95 cve-icon cve-icon
https://github.com/sveltejs/kit/releases/tag/@sveltejs/[email protected] cve-icon cve-icon
https://github.com/sveltejs/kit/security/advisories/GHSA-2crg-3p73-43xp cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability