Product
A CPU exhaustion vulnerability (CVE-2026-49250) exists in Conform's `parseSubmission` API when parsing `FormData` or `URLSearchParams` with many unique field names, allowing an attacker to craft a submission that causes excessive synchronous CPU work and potential denial of service by repeatedly scanning submitted entries.