High severity 7.5 · NVD Advisory · Published Apr 10, 2026 · Updated Apr 15, 2026
CVE-2026-40073
Description
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers of the application stack, so limits enforced in the WAF, gateway, or at the platform level are unaffected. This vulnerability is fixed in 2.57.1.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| @sveltejs/kit (npm) | < 2.57.1 | 2.57.1 |
References
- github.com/sveltejs/kit/commit/3202ed6c98f9e8d86bf0c4c7ad0f2e273e5e3b95 (nvd: Patch, WEB)
- github.com/advisories/GHSA-2crg-3p73-43xp (ghsa: ADVISORY)
- github.com/sveltejs/kit/security/advisories/GHSA-2crg-3p73-43xp (nvd: Vendor Advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2026-40073 (ghsa: ADVISORY)
- github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.57.1 (ghsa: WEB)
- github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.57.1 (nvd: Product, Release Notes, WEB)