CVE Catalog
CVE-2026-42573
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk0.32%
24th percentile - higher than 24% of all known CVEs
Summary
Svelte prior to version 5.55.7 is vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks.
Risk Assessment
An attacker can exploit this vulnerability to inject malicious scripts, potentially leading to session data theft, account takeover, or other harmful actions.
Recommendation
Immediately update Svelte to version 5.55.7 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. This issue has been patched in version 5.55.7.

