CVE-2026-25149 - Qwik City Open Redirect via fixTrailingSlash

CVE ID : CVE-2026-25149 Published : Feb. 3, 2026, 10:16 p.m. | 49 minutes ago Description : Qwik is a performance focused javascript framework. Prior to version 1.19.0, an Open Redirect vulnerability in Qwik City's default request handler middleware allows a remote attacker to redirect users to arbitrary protocol-relative URLs. Successful exploitation permits attackers to craft convincing phishing links that appear to originate from the trusted domain but redirect the victim to an attacker-controlled site. This issue has been patched in version 1.19.0. Severity: 2.7 | LOW Visit the link for more details, such as CVSS details, affected products, timeline, and more...