CVE-2026-42567
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk15th percentile - higher than 15% of all known CVEs
Summary
Svelte framework versions from 5.51.5 to before 5.55.7 contain an internal regex that can take exponential time to test in the <svelte:element this={tag}></svelte:element>. This issue has been patched in version 5.55.7.
Risk Assessment
Exploitation of this vulnerability may lead to significant application slowdowns, affecting user experience and potentially causing system crashes.
Recommendation
It is recommended to upgrade to Svelte version 5.55.7 or later to mitigate this vulnerability.
Original NVD description (English source)
Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in <svelte:element this={tag}></svelte:element>. This issue has been patched in version 5.55.7.

