CVE-2026-25149

Name of the Vulnerable Software and Affected Versions Qwik versions prior to 1.19.0

Description An Open Redirect issue exists in Qwik City’s default request handler middleware. This allows a remote attacker to redirect users to arbitrary protocol-relative URLs. Successful exploitation could allow attackers to create phishing links that appear to come from a trusted domain, but redirect the victim to a site controlled by the attacker.

Recommendations Update to version 1.19.0 or later.