HIGH
withastro
CVE published 2026-06-22
CVE-2026-50146
CVE-2026-50146 is a reflected XSS vulnerability in the Astro web framework. The vulnerability occurs when a component uses a client:* directive, allowing an attacker to inject arbitrary HTML by breaking out of the attribute context. This issue was fixed in Astro version 6.3.3. The vulnerability has a CVSS score of 7.1 and is considered HIGH severity. The CVE was published on June 22, 2026, and modified on [truncated]