CVE Catalog

CVE-2026-42567

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.05%

15th percentile - higher than 15% of all known CVEs

Summary

Svelte framework versions from 5.51.5 to before 5.55.7 contain an internal regex that can take exponential time to test in the <svelte:element this={tag}></svelte:element>. This issue has been patched in version 5.55.7.

Risk Assessment

Exploitation of this vulnerability may lead to significant application slowdowns, affecting user experience and potentially causing system crashes.

Recommendation

It is recommended to upgrade to Svelte version 5.55.7 or later to mitigate this vulnerability.

Original NVD description (English source)

Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in <svelte:element this={tag}></svelte:element>. This issue has been patched in version 5.55.7.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS