CVE-2026-25155
HIGH WAF: Low
CVSS 7.1
Published: 2026-02-03
CWE-352
Qwik is a performance focused javascript framework. Prior to version 1.12.0, a typo in the regular expression within isContentType causes incorrect parsing of certain Content-Type headers. This issue has been patched in version 1.12.0.
WAF Coverage Analysis
Cross-Site Request Forgery (CSRF)
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| qwik | qwik | up to 1.12.0 |
References
- github.com (Patch)
- github.com (Vendor Advisory)