CVE-2026-42573

Name of the Vulnerable Software and Affected Versions Svelte versions prior to 5.55.7

Description Svelte is a performance oriented web framework. The software is susceptible to DOM clobbering of its internal framework state on elements, which can potentially lead to Cross-Site Scripting (XSS) attacks. This occurs when attribute spreading is used on a form element and attribute spreading or dynamic values are used for the name attribute on an input or button element within that form, provided both are user-controllable.

Recommendations Update to version 5.55.7.