TL;DR

The Svelte team has published fixes for five vulnerabilities affecting devalue, svelte, @sveltejs/kit and @sveltejs/adapter-node. Users should upgrade to the patched package versions listed by the project and verify affected features (remote functions, prerendering, hydratable) before deploying.

What happened

The Svelte project disclosed and fixed five security issues spanning the devalue library, the svelte compiler, SvelteKit, and the Node adapter. Two separate devalue flaws (CVE-2026-22775 and CVE-2026-22774) let an attacker supply input that forces very large memory allocations during parsing, crashing the process; applications that parse user-controlled input are affected, and SvelteKit apps using remote functions are at risk. A memory amplification DoS in SvelteKit's binary form deserializer for Remote Functions (CVE-2026-22803) affects kit versions that have the experimental.remoteFunctions flag enabled and use form. A prerendering-related issue (CVE-2025-67647) can cause DoS and, under certain adapter-node configurations without an ORIGIN env var or adequate Host header validation, enable SSRF and cache-poisoning scenarios. Finally, an XSS vector (CVE-2025-15265) affects svelte's hydratable when unsanitized user strings are used as keys. Patched releases are available and include updated dependencies where relevant.

Why it matters

  • Memory-allocation and deserialization flaws can crash servers or hang processes, disrupting services.
  • SSRF and cache-poisoning vectors risk exposing internal resources or allowing cross-site content to be cached by intermediaries.
  • An XSS issue in hydratable can expose end users to client-side script injection when unsanitized keys are used.
  • Multiple widely used packages and interdependencies mean many projects may be affected unless dependencies are updated.

Key facts

  • Patched versions released: devalue 5.6.2; svelte 5.46.4; @sveltejs/kit 2.49.5; @sveltejs/adapter-node 5.5.1.
  • devalue CVEs (CVE-2026-22775 and CVE-2026-22774) allow large-memory allocations when parsing user-controlled input; different affected version ranges apply.
  • SvelteKit binary deserializer DoS (CVE-2026-22803) affects @sveltejs/kit 2.49.0–2.49.4 when experimental.remoteFunctions is enabled and form is used.
  • Prerendering flaw (CVE-2025-67647) impacts @sveltejs/kit 2.44.0–2.49.4 for DoS; a broader range (2.19.0–2.49.4) plus adapter-node without ORIGIN/configured Host validation can allow SSRF and possible SXSS via cache poisoning.
  • svelte XSS (CVE-2025-15265) affects svelte 5.46.0–5.46.3 when hydratable is used with unsanitized, user-controlled keys.
  • Patched svelte and @sveltejs/kit releases include upgraded devalue dependencies where applicable.
  • SvelteKit apps that do not enable remote functions are not vulnerable to the devalue-based remote-parameter issues.
  • The Svelte team thanked responsible reporters and the Vercel security team for assistance during disclosure.

What to watch next

  • Verify whether your application enables experimental.remoteFunctions or uses Remote Functions parameters; those are explicitly called out as vulnerable.
  • If you use @sveltejs/adapter-node and prerendering, ensure ORIGIN is configured or that a reverse proxy enforces Host header validation.
  • Whether active exploit attempts are occurring in the wild: not confirmed in the source.

Quick glossary

  • DoS (Denial of Service): An attack that makes a service unavailable, often by exhausting resources like CPU or memory.
  • SSRF (Server-Side Request Forgery): A vulnerability that allows an attacker to make requests from a vulnerable server to internal or external resources.
  • XSS (Cross-Site Scripting): Client-side code injection that allows attackers to run scripts in other users’ browsers.
  • Prerendering: Generating HTML for routes ahead of time, typically at build or deploy time, to serve static content.
  • Dependency upgrade: Updating a package to a newer version, often to incorporate bug fixes or security patches.

Reader FAQ

Which package versions fix these issues?
Upgrade to devalue 5.6.2, svelte 5.46.4, @sveltejs/kit 2.49.5, and @sveltejs/adapter-node 5.5.1.

How do I know if my app is vulnerable?
Check package versions and whether you use remote functions, experimental.remoteFunctions, prerendered routes, adapter-node without ORIGIN, or hydratable with user-controlled keys as described in the advisories.
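The triage described in this answer and in "What to watch next", as an added example that is not part of the advisory or the Svelte project's code: it maps installed package versions and deployment settings to the CVEs and version ranges quoted under "Key facts". devalue's affected ranges are not stated on the page, so it is only compared against the patched release 5.6.2; the `app` field names and the sample inputs are assumptions.

```javascript
// Added example, not from the advisory. Ranges are those quoted in
// "Key facts"; devalue is checked only against patched release 5.6.2
// because its affected ranges are not given on the page.
function parseVersion(v) {
  // '2.49.3-next.1' -> [2, 49, 3]; pre-release suffixes are ignored
  return v.split('-')[0].split('.').map(Number);
}
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}
function inRange(v, lo, hi) {
  return compareVersions(v, lo) >= 0 && compareVersions(v, hi) <= 0;
}
// installed: package name -> version, e.g. { '@sveltejs/kit': '2.49.3' }
// app: booleans describing the deployment (field names are assumptions):
//   remoteFunctions, usesForm, prerenders, usesAdapterNode, originConfigured,
//   hostValidated, hydratableUserKeys, parsesUntrustedDevalue
function assess(installed, app) {
  const findings = [];
  const kit = installed['@sveltejs/kit'], svelte = installed.svelte;
  const devalue = installed.devalue, adapter = installed['@sveltejs/adapter-node'];
  if (devalue && compareVersions(devalue, '5.6.2') < 0 &&
      (app.remoteFunctions || app.parsesUntrustedDevalue)) {
    findings.push('CVE-2026-22775 / CVE-2026-22774: devalue below 5.6.2 parsing untrusted input');
  }
  if (kit && inRange(kit, '2.49.0', '2.49.4') && app.remoteFunctions && app.usesForm) {
    findings.push('CVE-2026-22803: binary form deserializer memory amplification');
  }
  if (kit && inRange(kit, '2.44.0', '2.49.4') && app.prerenders) {
    findings.push('CVE-2025-67647: prerendering DoS');
  }
  if (kit && inRange(kit, '2.19.0', '2.49.4') && app.prerenders && app.usesAdapterNode &&
      !app.originConfigured && !app.hostValidated) {
    findings.push('CVE-2025-67647: SSRF / cache poisoning (adapter-node without ORIGIN or Host validation)');
  }
  if (svelte && inRange(svelte, '5.46.0', '5.46.3') && app.hydratableUserKeys) {
    findings.push('CVE-2025-15265: hydratable XSS with user-controlled keys');
  }
  if (adapter && compareVersions(adapter, '5.5.1') < 0) {
    findings.push('@sveltejs/adapter-node below patched release 5.5.1');
  }
  return findings;
}
```

Feed it the versions from your lockfile and the flags from your svelte.config and deployment; an empty result means every listed condition is either patched or not applicable.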

How should I report a Svelte security issue?
Report vulnerabilities privately via the Security tab on the relevant repository or the main Svelte repo, per the project guidance.

Are there active exploit reports for these CVEs?
Not confirmed in the source.

Sources

CVEs affecting the Svelte ecosystem: Time to upgrade. Elliott Johnson, Jan 15 2026. "We've released patches for 5 vulnerabilities across devalue, svelte, @sveltejs/kit, and @sveltejs/adapter-node. Here's what you need to…"
