TL;DR

The Svelte project published fixes for five vulnerabilities across devalue, svelte, @sveltejs/kit and @sveltejs/adapter-node and is urging users to upgrade immediately. Some issues allow denial-of-service, memory amplification, SSRF and XSS under specific configurations.

What happened

The Svelte team disclosed and patched five security issues affecting several core packages. The fixes address two related denial-of-service bugs in devalue.parse that can be triggered when parsing attacker-controlled input, a memory-amplification flaw in SvelteKit’s Remote Functions deserializer when experimental.remoteFunctions and form handling are used, a prerendering-related DoS and potential SSRF affecting SvelteKit and adapter-node under certain configuration conditions, and an XSS vector in svelte when using hydratable with unsanitized keys. Maintainers say patched releases are available and cross-dependent packages now include updated devalue versions. The announcement credits external researchers and the Vercel security team for coordinated disclosure, and asks anyone who finds vulnerabilities to report them privately via the repository Security tab. Users are instructed to upgrade to specific non-vulnerable versions provided by the team.

Why it matters

  • Exploits can crash servers or cause applications to hang by forcing large memory allocations (DoS).
  • An SSRF path in some setups can expose internal resources reachable from the SvelteKit server runtime.
  • An XSS flaw can expose end users if attacker-controlled keys are returned via hydratable without sanitization.
  • Many projects depend on these packages; patched releases include updated transitive dependencies to limit exposure.
  • Maintainers urge immediate upgrades to prevent attackers from targeting known vulnerable versions.

Key facts

  • Patched package versions: devalue 5.6.2; svelte 5.46.4; @sveltejs/kit 2.49.5; @sveltejs/adapter-node 5.5.1.
  • CVE-2026-22775 and CVE-2026-22774: distinct DoS issues in devalue.parse that allow arbitrarily large memory allocation when parsing user-controlled input.
  • CVE-2026-22803: memory amplification DoS in the SvelteKit remote functions binary form deserializer, reachable when experimental.remoteFunctions is enabled and form remote functions are used.
  • CVE-2025-67647: prerendering-related DoS and possible SSRF for @sveltejs/kit (2.19.0–2.49.4) and @sveltejs/adapter-node in specific configurations; missing ORIGIN or absent Host validation increases risk.
  • CVE-2025-15265: XSS risk in svelte 2.46.0–2.46.3 when hydratable receives unsanitized, user-controlled strings as keys.
  • SvelteKit applications that do not enable remote functions are not affected by the devalue.parse issues.
  • For devalue, affected ranges include 5.1.0 through 5.6.1 (CVE-2026-22775) and 5.3.0 through 5.6.1 (CVE-2026-22774).
  • Maintainers thanked security researchers and the Vercel security team for coordinated disclosure and remediation help.
  • Users are advised to report suspected vulnerabilities privately via the Security tab on the relevant repository.

What to watch next

  • Whether additional Svelte-related packages receive follow-up advisories or backported fixes (not confirmed in the source).
  • Possible disclosures of exploitation in the wild tied to these CVEs (not confirmed in the source).
  • Implementation of the stated investment in processes to catch similar bugs earlier in writing and review stages.

Quick glossary

  • Denial of Service (DoS): An attack that exhausts resources such as CPU or memory to make a service unavailable to legitimate users.
  • Server-Side Request Forgery (SSRF): A vulnerability that allows an attacker to make the server send HTTP requests to internal or external resources on the attacker’s behalf.
  • Cross-Site Scripting (XSS): A class of vulnerability where an attacker injects malicious scripts into content that other users will load and execute in their browsers.
  • Hydratable: A feature related to client-side rehydration where server-rendered markup is paired with client-side state; misuse can introduce risks if untrusted data is used as keys.
  • Remote Functions (SvelteKit): An experimental SvelteKit feature that allows calling server-side functions remotely; it can affect how input is parsed and deserialized.

Reader FAQ

How do I know if my project is affected?
Check the package names and versions listed in the advisory and confirm whether your app uses the implicated features (e.g., remoteFunctions, prerendering, hydratable).
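A practical way to do that check, as an added example that is not part of the advisory or of any Svelte tooling: walk the JSON that `npm ls --all --json` prints (so transitive copies of devalue are seen too) and flag every listed package that is still below the patched version given in Key facts. The package names and patched versions come from the page; the dependency tree in the block is constructed sample data.

```javascript
// Patched versions from the advisory; anything below these is flagged.
const PATCHED = {
  devalue: "5.6.2",
  svelte: "5.46.4",
  "@sveltejs/kit": "2.49.5",
  "@sveltejs/adapter-node": "5.5.1",
};

// Numeric dotted-version compare: returns -1, 0 or 1.
// A pre-release suffix ("5.6.2-next.1") is dropped so it sorts as its base.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] ?? 0, y = pb[i] ?? 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Visit every node of the tree, including nested (transitive) dependencies;
// devalue normally arrives through @sveltejs/kit rather than directly.
function findVulnerable(tree, path = [], out = []) {
  for (const [name, info] of Object.entries(tree.dependencies ?? {})) {
    const here = [...path, name];
    const fixed = PATCHED[name];
    if (fixed && info.version && compareVersions(info.version, fixed) < 0) {
      out.push({ name, installed: info.version, fixed, path: here.join(" > ") });
    }
    findVulnerable(info, here, out);
  }
  return out;
}

// Constructed sample shaped like `npm ls --all --json` output (not a real project).
const SAMPLE_TREE = {
  name: "example-app",
  dependencies: {
    svelte: { version: "5.46.4" },
    "@sveltejs/kit": { version: "2.49.4", dependencies: { devalue: { version: "5.6.1" } } },
    "@sveltejs/adapter-node": { version: "5.5.1" },
  },
};

// Usage: node check.js [npm-ls-output.json]; without a file the sample tree is used.
if (typeof require !== "undefined" && require.main === module) {
  const tree = process.argv[2]
    ? JSON.parse(require("fs").readFileSync(process.argv[2], "utf8"))
    : SAMPLE_TREE;
  for (const f of findVulnerable(tree)) console.log(`${f.path}: ${f.installed} < ${f.fixed}`);
}
```

On the sample tree this reports @sveltejs/kit 2.49.4 and its nested devalue 5.6.1 as needing an upgrade; a clean run prints nothing.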

Have fixes been released?
Yes. The advisory lists non-vulnerable versions: devalue 5.6.2; svelte 5.46.4; @sveltejs/kit 2.49.5; @sveltejs/adapter-node 5.5.1.

Do patched Svelte and SvelteKit releases include updated devalue?
According to the team, patched cross-dependent packages already include upgraded dependencies.

How should I report a new vulnerability?
Report it privately using the Security tab on the repository in question, or on the Svelte repo if unsure.

Sources

CVEs affecting the Svelte ecosystem: Time to upgrade. Elliott Johnson, Svelte blog, Jan 15 2026. “We’ve released patches for 5 vulnerabilities across devalue, svelte, @sveltejs/kit, and @sveltejs/adapter-node. Here’s what you need to…”
