NodeJS Framework Vulnerability in AstroJS for SSR Site Deployments
CVE-2026-41322

5.3 MEDIUM

Key Information:

Vendor

Withastro

Status
Vendor
CVE Published:
24 April 2026

What is CVE-2026-41322?

AstroJS, a framework used for deploying server-side rendered (SSR) sites, handles errors improperly when serving static JavaScript and CSS resources. In versions before 10.0.5, a request with a malformed 'if-match' header can produce a persistent 500 error: the error for the affected resource remains cached for a year. Subsequent requests then cannot retrieve the valid file, which is effectively unavailable until the cache expires. The issue has been addressed in version 10.0.5, so upgrading to that version mitigates the vulnerability.
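A check for the failure mode described above, as an added example that is not part of the original page or of Astro's code: it scans response records from a cache or CDN log for 5xx responses to JavaScript/CSS files that carry a long cache lifetime. The record shape, the `/_astro/` sample paths and the 60-second threshold are assumptions, and the sample data is constructed.

```javascript
// Constructed sample records (not real traffic): one per response seen at the cache layer.
const SAMPLE_RECORDS = [
  { path: "/_astro/index.abc123.js", status: 200, cacheControl: "public, max-age=31536000, immutable" },
  { path: "/_astro/index.abc123.js?v=2", status: 500, cacheControl: "public, max-age=31536000, immutable" },
  { path: "/_astro/site.def456.css", status: 500, cacheControl: "no-store" },
  { path: "/about", status: 500, cacheControl: "" },
  { path: "/_astro/late.js", status: 502, cacheControl: "s-maxage=600, max-age=0" },
];

const STATIC_ASSET = /\.(?:js|mjs|css)$/i; // resource types named in the advisory
const MAX_ERROR_TTL = 60; // seconds; assumed policy threshold for error responses

// Worst-case freshness lifetime (seconds) across browser and shared caches.
function cacheTtl(cacheControl) {
  const directives = new Map();
  for (const part of (cacheControl || "").split(",")) {
    const [name, value = ""] = part.trim().toLowerCase().split("=");
    if (name) directives.set(name, value.replace(/"/g, ""));
  }
  // no-store and no-cache both stop a stored copy being served without asking the origin.
  if (directives.has("no-store") || directives.has("no-cache")) return 0;
  const seconds = ["max-age", "s-maxage"].map(
    (d) => Number.parseInt(directives.get(d), 10) || 0
  );
  return Math.max(0, ...seconds);
}

// Flag server errors on static assets that a cache may keep serving past the threshold.
function findCachedErrors(records, maxErrorTtl = MAX_ERROR_TTL) {
  const findings = [];
  for (const { path, status, cacheControl } of records) {
    const pathname = path.split("?")[0]; // ignore any query string
    const ttl = cacheTtl(cacheControl);
    if (status >= 500 && STATIC_ASSET.test(pathname) && ttl > maxErrorTtl) {
      findings.push({ path: pathname, status, ttl });
    }
  }
  return findings;
}

for (const f of findCachedErrors(SAMPLE_RECORDS)) {
  console.log(`${f.status} on ${f.path} cacheable for ${f.ttl}s`);
}
```

Any finding means a cache can keep serving the error in place of the valid file, so the entry should be purged in addition to upgrading.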

Affected Version(s)

astro < 10.0.5

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
