cbcvebase.
CVE-2026-25155
published 2026-02-03

CVE-2026-25155: Qwik is a performance focused javascript framework. Prior to version 1.12.0, a typo in the regular expression within isContentType causes incorrect parsing of…

PriorityP432high7.1CVSS 3.1
AVNACLPRNUIRSUCLIHAN
EPSS
0.13%
2.9th percentile
Qwik is a performance focused javascript framework. Prior to version 1.12.0, a typo in the regular expression within isContentType causes incorrect parsing of certain Content-Type headers. This issue has been patched in version 1.12.0.

Affected

3 ranges
VendorProductVersion rangeFixed in
builder.ioqwik-city>= 0 < 1.12.01.12.0
qwikqwik< 1.12.01.12.0
qwikdevqwik< 1.12.01.12.0
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.