PatchSiren cyber security CVE debrief
CVE-2026-42573 sveltejs CVE debrief
CVE-2026-42573 is a MEDIUM severity vulnerability in Svelte, a performance-oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. This issue has been patched in version 5.55.7.
- Vendor: sveltejs
- Product: svelte
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-11
Who should care
Users of Svelte framework versions prior to 5.55.7 should update to the patched version to prevent potential XSS attacks.
Technical summary
The vulnerability, with a CVSS score of 5.3, involves DOM clobbering of Svelte's internal framework state on elements. This could potentially lead to Cross-Site Scripting (XSS) attacks.
Defensive priority
MEDIUM
Recommended defensive actions
- Update Svelte to version 5.55.7 or later.
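One way to check a project against the affected range, as an added example that is not from the advisory or the Svelte project: it walks the parsed contents of an npm package-lock.json (lockfileVersion 2 or 3) and flags every installed copy of svelte below 5.55.7. The lockfile fragment, the package names other than svelte, and the function names are constructed for illustration; treating prereleases of 5.55.7 as affected is a conservative assumption.

```javascript
// Added example: flag svelte installs below the fixed release named on this page.
const FIXED = "5.55.7"; // patched version per the advisory text

// Parse "major.minor.patch[-prerelease][+build]" into comparable parts.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+.*)?$/.exec(String(v).trim());
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// True when a sorts before b. A prerelease of X.Y.Z sorts before X.Y.Z itself.
function isBefore(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i];
  }
  return a.pre !== null && b.pre === null;
}

// Walk the "packages" map of a parsed lockfile and report every installed copy
// of svelte, including copies nested under other dependencies.
function findAffectedSvelte(lock) {
  const fixed = parseVersion(FIXED);
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/svelte$/.test(path)) continue;
    const parsed = parseVersion(entry.version);
    // Unparseable versions are reported as "unknown" so a human reviews them.
    const status = !parsed ? "unknown" : isBefore(parsed, fixed) ? "affected" : "patched";
    findings.push({ path, version: String(entry.version), status });
  }
  return findings;
}

// Constructed sample lockfile fragment (not taken from any real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/svelte": { version: "5.55.7" },
    "node_modules/some-widget/node_modules/svelte": { version: "5.54.0" },
    "node_modules/legacy-kit/node_modules/svelte": { version: "5.55.7-next.1" },
    "node_modules/svelte-check": { version: "4.0.0" }, // different package, ignored
  },
};

for (const f of findAffectedSvelte(sampleLock)) {
  console.log(`${f.status.padEnd(8)} ${f.version.padEnd(14)} ${f.path}`);
}
```

Nested copies matter here: a top-level svelte at 5.55.7 does not update a copy pinned inside another dependency's own node_modules.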
Evidence notes
Evidence from the National Vulnerability Database (NVD) and Svelte's official GitHub repository confirms the vulnerability and the patch.
Official resources
- CVE-2026-42573 CVE record (CVE.org)
- CVE-2026-42573 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Product, Release Notes
- Mitigation or vendor reference: [email protected] - Vendor Advisory
CVE-2026-42573 was published on 2026-06-09T17:17:07.400Z and modified on 2026-06-11T18:46:50.667Z.