PatchSiren

elysiajs CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH elysiajs CVE published 2026-07-08

CVE-2026-56669

CVE-2026-56669 is a vulnerability in the Elysia framework that allows for CPU exhaustion via multipart/form-data endpoints. The issue arises from the use of getAll in form data normalization, causing the amount of work to grow quadratically with the number of unique key-value pairs. This vulnerability has been fixed in version 1.4.29 of the Elysia framework. Affected users should update to the latest vers [truncated]