PT-2026-24756 · Git+3 · Devalue

Jviide · Published 2026-03-11 · Updated 2026-03-12 · CVE-2026-30226

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Svelte devalue versions prior to 5.6.4

Description

Svelte devalue is a JavaScript library used for serializing values into strings when JSON.stringify is insufficient. In versions 5.6.3 and earlier, devalue.parse and devalue.unflatten are susceptible to prototype pollution through maliciously crafted payloads. Successful exploitation could result in Denial of Service (DoS) or type confusion.

Recommendations

Update to version 5.6.4 or later.
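To confirm the recommendation has taken effect across direct and transitive installs, the following added example (not part of the advisory or the devalue project) scans a parsed package-lock.json for devalue copies older than 5.6.4. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example (not devalue project code): audit an npm lockfile for devalue < 5.6.4.
const FIXED = [5, 6, 4]; // first patched release named in the advisory

// Parse "major.minor.patch" into numbers; returns null if the string is not a version.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function isVulnerable(version) {
  const parts = parseVersion(version);
  if (!parts) return true; // unknown version: flag for manual review
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  // Same numbers as 5.6.4: a prerelease tag (5.6.4-x) sorts before the release, so flag it.
  return /^\d+\.\d+\.\d+-/.test(String(version));
}

function findVulnerableDevalue(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/devalue$/.test(path) && isVulnerable(info.version)) {
      hits.push({ path, version: info.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists).
  const walk = (deps, prefix) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "devalue" && isVulnerable(info.version)) hits.push({ path, version: info.version });
      walk(info.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile; package names other than devalue are hypothetical.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/devalue": { version: "5.6.4" },
    "node_modules/example-parent/node_modules/devalue": { version: "5.6.3" },
    "node_modules/devalue-extra": { version: "1.0.0" },
  },
};
console.log(findVulnerableDevalue(sampleLock));
```

In a real project, pass `JSON.parse` of the lockfile contents to `findVulnerableDevalue`; any hit under a nested `node_modules` path means a parent package still pins an affected copy.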

Exploit

Fix

Prototype Pollution

Weakness Enumeration

Related Identifiers

CVE-2026-30226
GHSA-CFW5-2VXH-HR84

Affected Products

Devalue