Home / Vulnerability Intelligence / CVE-2026-27729

CVE-2026-27729 - Vulnerability Analysis

MediumCVSS: 5.9

Last Updated: February 25, 2026

Astro - Denial of Service

Published: February 24, 2026Updated: February 25, 2026PoC AvailableRemote Exploitable

Overview

Astro 9.0.0 through 9.5.3 contains a denial of service caused by lack of request body size limit in server actions, letting unauthenticated attackers crash the server via oversized POST requests, exploit requires no authentication.

Severity & Score

Severity: Medium

CVSS Score: 5.9

Impact

Unauthenticated attackers can crash the server process causing denial of service and persistent crash-restart loops in containerized environments.

Mitigation

Upgrade to version 9.5.4 or later.

References

https://github.com/withastro/astro/commit/522f880b07a4ea7d69a19b5507fb53a5ed6c87f8
https://github.com/withastro/astro/pull/15564
https://github.com/withastro/astro/releases/tag/%40astrojs%2Fnode%409.5.4
https://github.com/withastro/astro/security/advisories/GHSA-jm64-8m5q-4qh8

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-27729
Severity: Medium
CVSS Score: 5.9
Type: denial_of_service
Status: confirmed

CWE

CWE-770

CVSS Metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H