Junha Heo

1 exploit Active since Jan 2026
CVE-2026-22803 WRITEUP HIGH WRITEUP
SvelteKit 2.49.0-2.49.4 - Denial of Service via Form Remote Function Memory Exhaustion
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing a representation of submitted form data. A specially-crafted payload can cause the server to allocate a large amount of memory, causing DoS via memory exhaustion. This vulnerability is fixed in 2.49.5.
CVSS 7.5