Cyberpress
Cache Deception Vulnerability in SvelteKit and Vercel Exposes User Data
First seen 20 Feb 2026, 10:16 UTC
•


•80% similarity
•45.3
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
A cache deception vulnerability was discovered in applications built with SvelteKit and deployed on Vercel, allowing attackers to read responses from other signed-in users. The issue was reported by an AI agent during testing and was confirmed reproducible. Vercel issued a fix for the vulnerability on February 19, 2026.
ThreatCluster AI
Timeline
2026-02-19
Vercel released a patch for the vulnerability
2026-02-19
Aikido.Dev published article detailing the vulnerability
2026-02-20
Cyberpress published article on the vulnerability