A serious cache deception flaw, dubbed SvelteSpill, affects SvelteKit applications deployed on Vercel, allowing attackers to steal sensitive user data like session tokens. Discovered by Aikido Security’s AI pentest on January 20, 2026, the issue stems from the SvelteKit Vercel adapter’s handling of the __pathname query parameter. Vercel has since fixed its platform-wide as of […] The post Cache Deception Vulnerability Found in SvelteKit and Vercel Combo Exposes User Data to Attackers appeared first on Cyber Security News.