CVE-2026-42573

medium

Description

Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. This issue has been patched in version 5.55.7.

References

https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42573.json

https://github.com/sveltejs/svelte/security/advisories/GHSA-rcqx-6q8c-2c42

https://github.com/sveltejs/svelte/releases/tag/svelte%405.55.7

https://bugzilla.redhat.com/show_bug.cgi?id=2487093

https://access.redhat.com/security/cve/CVE-2026-42573

Details

Source: Mitre, NVD

Published: 2026-06-09

Updated: 2026-06-30

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

CVSS v4

Base Score: 5.3

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N

Severity: Medium

EPSS

EPSS: 0.00047