A cache deception vulnerability in SvelteKit apps deployed on Vercel exposes sensitive user data to attackers. The flaw allows authenticated responses to be cached publicly.
SvelteKit, a full-stack JavaScript framework, is often paired with Vercel for deployment. The issue stems from SvelteKit's Vercel adapter, where the __pathname query parameter overrides the request path without any validation.
This affects paths under /_app/immutable/, which Vercel caches aggressively with headers like Cache-Control: public, immutable, max-age=31536000.
Attackers trick logged-in users into visiting a crafted URL, such as https://example.vercel.app/_app/immutable/x?__pathname=/api/session.
The adapter rewrites the path to the sensitive endpoint /api/session and fetches private data using the victim's cookies; because the request URL carries the static-looking prefix, the response is cached publicly.
Later, the attacker requests the same URL without cookies and retrieves the data from the cache, with the response marked X-Vercel-Cache: HIT.
Vercel's caching rules make any 200 OK response under /_app/immutable/ cacheable, regardless of whether the content is private.
This impacts any SvelteKit site on Vercel using cookie-based auth for protected routes, with no app changes needed. A related flaw enables denial-of-service via memory exhaustion in an experimental SvelteKit feature.
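The two signals described above, a request under /_app/immutable/ that carries a __pathname parameter and a cookie-less cache HIT on such a URL, can be picked out of access logs. The scanner below is an added example (not SvelteKit's or Vercel's code); its log format, the `cache=` and `cookie=` fields standing in for X-Vercel-Cache and Cookie presence, and the sample lines are all constructed for the example.

```javascript
// Added example, not SvelteKit or Vercel code: scan access-log lines for the
// two signals described above, a request under /_app/immutable/ that carries a
// __pathname query parameter, and a cookie-less cache HIT for such a URL.
// The log format and the sample lines are constructed for this example; the
// `cache=` and `cookie=` fields stand in for X-Vercel-Cache and Cookie presence.

const IMMUTABLE_PREFIX = '/_app/immutable/';

// <ip> - - [<time>] "<method> <url> HTTP/1.1" <status> <bytes> cache=<HIT|MISS> cookie=<yes|no>
const LOG_LINE =
  /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ cache=(\S+) cookie=(yes|no)$/;

function parseLogLine(line) {
  const m = LOG_LINE.exec(line);
  if (m === null) return null;
  // The base origin is only needed so URL can parse a path-relative request target.
  const url = new URL(m[4], 'https://log.invalid');
  return {
    ip: m[1],
    time: m[2],
    method: m[3],
    path: url.pathname,
    params: url.searchParams,
    status: Number(m[5]),
    cache: m[6],
    hasCookie: m[7] === 'yes',
  };
}

// Classify one parsed entry; returns null when it carries no indicator.
function classify(entry) {
  if (!entry.path.startsWith(IMMUTABLE_PREFIX)) return null;
  const target = entry.params.get('__pathname');
  if (target === null) return null;
  // A victim's browser sends cookies and primes the cache (typically a MISS);
  // a later cookie-less HIT on the same URL is a readback of whatever was stored.
  if (entry.cache === 'HIT' && !entry.hasCookie) return 'cached-private-readback';
  if (entry.hasCookie) return 'override-with-credentials';
  return 'override';
}

function findCacheDeceptionIndicators(lines) {
  const findings = [];
  for (const line of lines) {
    const entry = parseLogLine(line);
    if (entry === null) continue; // skip lines in another format
    const kind = classify(entry);
    if (kind !== null) {
      findings.push({
        kind,
        ip: entry.ip,
        time: entry.time,
        path: entry.path,
        target: entry.params.get('__pathname'),
        cache: entry.cache,
      });
    }
  }
  return findings;
}

// Constructed sample: one legitimate asset fetch, a victim visiting the crafted
// URL with cookies, a cookie-less readback of the same URL, and an unrelated API call.
const SAMPLE_LOG = [
  '203.0.113.5 - - [20/Jan/2026:10:00:00 +0000] "GET /_app/immutable/assets/app.css HTTP/1.1" 200 1024 cache=HIT cookie=yes',
  '203.0.113.5 - - [20/Jan/2026:10:00:01 +0000] "GET /_app/immutable/x?__pathname=/api/session HTTP/1.1" 200 512 cache=MISS cookie=yes',
  '198.51.100.7 - - [20/Jan/2026:10:02:00 +0000] "GET /_app/immutable/x?__pathname=/api/session HTTP/1.1" 200 512 cache=HIT cookie=no',
  '198.51.100.7 - - [20/Jan/2026:10:02:05 +0000] "GET /api/session HTTP/1.1" 401 0 cache=MISS cookie=no',
];

console.log(findCacheDeceptionIndicators(SAMPLE_LOG));
```

Any __pathname on an immutable-prefixed URL is worth an alert on its own, since legitimate asset requests never carry it; the cookie-less HIT is the stronger signal because it means private data was actually served from the shared cache.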
| CVE/GHSA ID | Description |
|---|---|
| CVE-2026-27118 (GHSA-9pq4-5hcf-288c) | Cache deception/poisoning via __pathname param in adapter-vercel |
An AI agent spotted the __pathname behavior in SvelteKit's serverless.js adapter while testing. Designed for Incremental Static Regeneration (ISR), it lacked path validation, so overrides like /?__pathname=/404 worked universally.
Initial cache-poisoning attempts failed because Vercel’s static asset handling bypassed the adapter.
In cache poisoning, attackers exploit unkeyed cache inputs to store harmful payloads, such as XSS, under common URLs. Unlike cache deception, which tricks caches into storing private data publicly, poisoning alters the backend response first.
Pivoting to cache deception succeeded: caches apply rules based on URL paths or extensions, such as caching .css files publicly. Attackers append fake static suffixes (e.g., /user/profile.css) to dynamic endpoints.
The origin sees the dynamic path and serves user data with cookies; the cache stores it as static because the two parse the URL differently.
In SvelteKit-Vercel, __pathname=/api/session on /_app/immutable/x fooled immutable caching, exposing tokens.
Aikido disclosed the issue on January 21, 2026, after a PoC on January 20. Vercel triaged it on January 23, confirmed it on February 9, and fixed it on February 19 by forcing 404s on invalid /_app/immutable/ paths and stripping __pathname.
The patch is applied automatically for Vercel-hosted apps via platform controls. Users should upgrade @sveltejs/adapter-vercel to 6.3.2 or later and rescan repositories with tools such as Aikido.
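The override described earlier and the fix described here can be compared side by side. The model below is an added example, not the @sveltejs/adapter-vercel source or the actual patch: it shows a resolver that honours __pathname unchecked next to one that strips the parameter and answers 404 for /_app/immutable/ URLs that are not real build assets, together with a model of the platform rule that caches any 200 under that prefix. The asset manifest is constructed; the crafted URL is the one from the advisory.

```javascript
// Added example, not the @sveltejs/adapter-vercel source: a simplified model of
// how a serverless handler picks the path to route, showing the unchecked
// __pathname override beside a hardened resolver that follows the described fix
// (strip __pathname, and answer 404 for /_app/immutable/ URLs that are not real
// build assets). The asset manifest below is constructed for the example.

const IMMUTABLE_PREFIX = '/_app/immutable/';

// Constructed stand-in for the build manifest; a real deployment knows its own assets.
const KNOWN_IMMUTABLE_ASSETS = new Set([
  '/_app/immutable/entry/start.js',
  '/_app/immutable/assets/app.css',
]);

// Before the fix: whatever __pathname says becomes the routed path.
function resolvePathUnchecked(requestUrl) {
  const url = new URL(requestUrl);
  const override = url.searchParams.get('__pathname');
  return { path: override ?? url.pathname, status: 200 };
}

// After the fix (a model of the described behaviour, not the actual patch).
function resolvePathHardened(requestUrl) {
  const url = new URL(requestUrl);
  // 1. An external request never gets to choose the routed path.
  url.searchParams.delete('__pathname');
  const path = url.pathname;
  // 2. Under the immutable prefix only real build assets exist; anything else is
  //    a 404, so no dynamic handler can answer under a publicly cacheable URL.
  if (path.startsWith(IMMUTABLE_PREFIX) && !KNOWN_IMMUTABLE_ASSETS.has(path)) {
    return { path, status: 404 };
  }
  return { path, status: 200 };
}

// Model of the platform rule the article describes: a 200 under /_app/immutable/
// is cached publicly, keyed on the URL as received, whatever the app routed
// internally. Everything else is treated as not cached in this model.
function platformCachePolicy(requestUrl, status) {
  const url = new URL(requestUrl);
  return status === 200 && url.pathname.startsWith(IMMUTABLE_PREFIX)
    ? 'public, immutable, max-age=31536000'
    : 'not-cached';
}

// Run one request through a resolver and report what the app routed and what
// the platform would do with the response.
function simulate(requestUrl, resolver) {
  const { path, status } = resolver(requestUrl);
  return { routedPath: path, status, cachePolicy: platformCachePolicy(requestUrl, status) };
}

// The crafted URL from the advisory, resolved both ways.
const CRAFTED = 'https://example.vercel.app/_app/immutable/x?__pathname=/api/session';
console.log('unchecked:', simulate(CRAFTED, resolvePathUnchecked));
console.log('hardened: ', simulate(CRAFTED, resolvePathHardened));
```

The unchecked run is the bug in one line of output: the app routed /api/session while the platform keyed and cached the response under the immutable URL. The hardened run never lets a dynamic handler answer under that prefix, so the platform rule has nothing private to cache.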
| Timeline Event | Date |
|---|---|
| Discovery and PoC | January 20, 2026 |
| Disclosure to Vercel | January 20, 2026 |
| Report Triaged | January 21, 2026 |
| Fix Work Started | January 23, 2026 |
| Fixed and Advisory Published | February 9, 2026 |
The flaw impacts any SvelteKit site on Vercel with protected routes. Its CVSS score of 5.3 reflects that no privileges are needed, but user interaction is required for the deception.
Upgrade @sveltejs/adapter-vercel to the latest version. Caching layers demand caution; simple path prefixes can hide platform quirks.