HIGH
elysiajs
CVE published 2026-07-08
CVE-2026-56669
CVE-2026-56669 is a vulnerability in the Elysia framework that allows for CPU exhaustion via multipart/form-data endpoints. The issue arises from the use of getAll in form data normalization, causing the amount of work to grow quadratically with the number of unique key-value pairs. This vulnerability has been fixed in version 1.4.29 of the Elysia framework. Affected users should update to the latest vers [truncated]