Typescript Framework Vulnerability in Elysia for Request Validation and API Communication
CVE-2026-56669
7.5HIGH
What is CVE-2026-56669?
The Elysia framework, a TypeScript solution for request validation and API communication, is susceptible to a vulnerability prior to version 1.4.29. This issue arises from the use of the 'getAll' method during form data normalization for multipart/form-data endpoints. As the number of unique key-value pairs increases, the processing workload grows quadratically, potentially leading to CPU exhaustion. This vulnerability has been addressed in the release of version 1.4.29, enhancing the framework's resilience against such attacks.
Affected Version(s)
elysia < 1.4.29
