PT-2026-31990 · Sveltekit · Sveltekit

Published: 2026-04-10 · Updated: 2026-04-28 · CVE-2026-40074

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

SvelteKit versions prior to 2.57.1

Description

SvelteKit, a framework for developing web applications, is susceptible to a denial-of-service (DoS) condition. When the redirect function is invoked within the handle server hook with a location parameter containing characters invalid for an HTTP header, an unhandled TypeError occurs. This is particularly problematic when the location parameter passed to redirect includes unsanitized user input, potentially leading to DoS on certain platforms.

Recommendations

Update to SvelteKit version 2.57.1 or later.
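
For the case the description singles out, where user input reaches redirect inside handle, the target can be validated and normalised before the call. This is an added example, not code from SvelteKit or from this advisory; headerAccepts, safeRedirectTarget and the `next` query parameter are hypothetical names, and it assumes a runtime with the standard Headers and URL globals (Node 18 or later).

```javascript
// Added example; helper names are hypothetical, not part of SvelteKit.

// True when the runtime's own Headers implementation accepts `value`.
// Invalid header values make Headers.set throw a TypeError.
function headerAccepts(value) {
  try {
    new Headers().set('location', value);
    return true;
  } catch (err) {
    if (err instanceof TypeError) return false;
    throw err;
  }
}

// Convert untrusted input into a same-origin path that is safe to pass to
// redirect(); return `fallback` for anything that cannot be made safe.
function safeRedirectTarget(untrusted, origin, fallback = '/') {
  if (typeof untrusted !== 'string') return fallback;
  // Reject control characters (CR, LF, NUL, ...) instead of trying to repair them.
  if (/[\u0000-\u001f\u007f]/.test(untrusted)) return fallback;
  let url;
  try {
    url = new URL(untrusted, origin);
  } catch {
    return fallback;
  }
  if (url.origin !== origin) return fallback;
  // URL serialisation percent-encodes non-ASCII characters.
  const target = url.pathname + url.search + url.hash;
  // Final check with the runtime's header validation.
  return headerAccepts(target) ? target : fallback;
}

// Sketch of use in src/hooks.server.js (`next` is a constructed parameter name):
//   import { redirect } from '@sveltejs/kit';
//   export async function handle({ event, resolve }) {
//     const next = event.url.searchParams.get('next');
//     if (next) redirect(303, safeRedirectTarget(next, event.url.origin));
//     return resolve(event);
//   }
```

The helper is a defence in depth for code that builds redirect targets from request data; it does not replace the update to 2.57.1 or later.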

Fix

Improper Handling of Exceptional Conditions

Weakness Enumeration

Related Identifiers

CVE-2026-40074
GHSA-3F6H-2HRP-W5WX

Affected Products

Sveltekit