CVE Catalog

CVE-2026-42573

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.32%

24th percentile - higher than 24% of all known CVEs

Summary

Svelte prior to version 5.55.7 is vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks.

Risk Assessment

An attacker can exploit this vulnerability to inject malicious scripts, potentially leading to session data theft, account takeover, or other harmful actions.

Recommendation

Immediately update Svelte to version 5.55.7 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. This issue has been patched in version 5.55.7.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS