๐Ÿ” CVE Alert

CVE-2026-56669

HIGH 7.5

Elysia: Inefficient Algorithmic Complexity and Interpretation Conflict

CVSS Score
7.5
EPSS Score
0.4%
EPSS Percentile
28th

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to 1.4.29, Elysia uses getAll in form data normalization for multipart/form-data endpoints, causing the amount of work to grow quadratically with the number of unique key-value pairs and allowing CPU exhaustion. This issue is fixed in version 1.4.29.

CWE CWE-407 CWE-436
Vendor elysiajs
Product elysia
Published Jul 8, 2026
Last Updated Jul 10, 2026
Stay Ahead of the Next One

Get instant alerts for elysiajs elysia

Be the first to know when new high vulnerabilities affecting elysiajs elysia are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Affected Versions

elysiajs / elysia
< 1.4.29

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/elysiajs/elysia/security/advisories/GHSA-9643-4qgh-g8mx github.com: https://github.com/elysiajs/elysia/commit/8358ff9efbcedf9534995f5977f26b9ceab59329 gist.github.com: https://gist.github.com/jviide/ea040eabe7bac058326174e2cd42dfd9 github.com: https://github.com/elysiajs/elysia/releases/tag/1.4.29