PT-2026-33834 · Undefined · Undefined
Published: 2026-04-20 · Updated: 2026-04-20 · CVE-2026-41251
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
I found a stored XSS vulnerability in @LenisSmooth that affected 800,000+ weekly npm downloads across Next.js, Nuxt, and SvelteKit deployments.
Fixed in v1.3.22. Assigned CVE-2026-41251.
If you're using Lenis — please update now.
#BugBounty #XSS #WebSecurity #OpenSource #CVE https://t.co/tsfYQ33N3I
Related Identifiers
Affected Products
Undefined