Description

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in a HTTP header, will cause an unhandled TypeError. This could result in DoS on some platforms, especially if the location passed to redirect contains unsanitized user input. This vulnerability is fixed in 2.57.1.

INFO

Published Date :

2026-04-10T16:26:07.068Z

Last Modified :

2026-04-10T16:26:07.068Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-40074 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-40074.

URL Resource
https://github.com/sveltejs/kit/commit/10d7b44425c3d9da642eecce373d0c6ef83b4fcd cve-icon cve-icon
https://github.com/sveltejs/kit/releases/tag/@sveltejs/[email protected] cve-icon cve-icon
https://github.com/sveltejs/kit/security/advisories/GHSA-3f6h-2hrp-w5wx cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability