Threats Tagged 'cve-2026-25155'
View all threats tagged with 'cve-2026-25155'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-25155'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-25155: CWE-352: Cross-Site Request Forgery (CSRF) in QwikDev qwikCVE-2026-25155 0 CVE-2026-25155 is a medium severity Cross-Site Request Forgery (CSRF) vulnerability in the Qwik JavaScript framework versions prior to 1.12.0. The flaw stems from a typo in the regular expression used by the isContentType function, causing improper parsing of certain Content-Type headers. This parsing error can be exploited by attackers to craft malicious requests that bypass normal CSRF protections, potentially leading to unauthorized actions with high integrity impact but low confidentiality and no availability impact. The vulnerability requires user interaction and remote network access but no authentication. Although no known exploits are reported in the wild, organizations using vulnerable Qwik versions should upgrade to 1.12.0 or later. European organizations that heavily rely on Qwik for web applications, especially in countries with significant software development ecosystems, are at risk. Join the discussion | CVE Database V5 | 02/03/2026, 21:12:13 UTC Added: 02/03/2026, 21:30:11 UTC |
Showing 1 to 1 of 1 result