CVE-2026-41322: CWE-525: Use of Web Browser Cache Containing Sensitive Information in withastro astro
@astrojs/node allows Astro to deploy your SSR site to Node targets. Prior to 10.0.5, requesting a static js/css resources from _astro path with an incorrect/malformed if-match header returns a 500 error with a one year cache lifetime instead of 412 in some cases. This has the effect that all subsequent requests to that file, regardless of if-match header will be served a 5xx error instead of the file until the cache expires. This vulnerability is fixed in 10.0.5.
AI Analysis
Technical Summary
The vulnerability in withastro Astro prior to version 10.0.5 involves improper handling of malformed if-match headers when requesting static JS/CSS resources from the _astro path. Instead of returning a 412 Precondition Failed status, the server returns a 500 Internal Server Error with a cache lifetime of one year. This results in clients caching the error response and receiving the 5xx error on subsequent requests until the cache expires, causing a denial of service for those static resources. The issue is resolved in Astro 10.0.5.
Potential Impact
The impact is limited to availability, causing a denial of service for static JS/CSS resources due to long-lived caching of 5xx error responses. There is no confidentiality or integrity impact reported. The CVSS score of 5.3 reflects a medium severity primarily due to the potential disruption of service.
Mitigation Recommendations
Upgrade to withastro Astro version 10.0.5 or later, where this issue is fixed. Patch status is confirmed by the vendor stating the vulnerability is resolved in 10.0.5. No other mitigation actions are indicated.
CVE-2026-41322: CWE-525: Use of Web Browser Cache Containing Sensitive Information in withastro astro
Description
@astrojs/node allows Astro to deploy your SSR site to Node targets. Prior to 10.0.5, requesting a static js/css resources from _astro path with an incorrect/malformed if-match header returns a 500 error with a one year cache lifetime instead of 412 in some cases. This has the effect that all subsequent requests to that file, regardless of if-match header will be served a 5xx error instead of the file until the cache expires. This vulnerability is fixed in 10.0.5.
CVSS v3.1
Score 5.3medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in withastro Astro prior to version 10.0.5 involves improper handling of malformed if-match headers when requesting static JS/CSS resources from the _astro path. Instead of returning a 412 Precondition Failed status, the server returns a 500 Internal Server Error with a cache lifetime of one year. This results in clients caching the error response and receiving the 5xx error on subsequent requests until the cache expires, causing a denial of service for those static resources. The issue is resolved in Astro 10.0.5.
Potential Impact
The impact is limited to availability, causing a denial of service for static JS/CSS resources due to long-lived caching of 5xx error responses. There is no confidentiality or integrity impact reported. The CVSS score of 5.3 reflects a medium severity primarily due to the potential disruption of service.
Mitigation Recommendations
Upgrade to withastro Astro version 10.0.5 or later, where this issue is fixed. Patch status is confirmed by the vendor stating the vulnerability is resolved in 10.0.5. No other mitigation actions are indicated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-20T14:01:46.671Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69ebaa0487115cfb685ef427
Added to database: 4/24/2026, 5:36:04 PM
Last enriched: 5/1/2026, 8:39:14 PM
Last updated: 6/9/2026, 12:57:28 AM
Views: 92
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.