CVE-2026-27119

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.4 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N                                    

Vulnerability Description

svelte performance oriented web framework. From 5.39.3, <=5.51.4, in certain circumstances, the server-side rendering output of an <option> element does not properly escape its content, potentially allowing HTML injection in the SSR output. Client-side rendering is not affected. This vulnerability is fixed in 5.51.5.

Vulnerability Details

Published Date

February 19, 2026

Last Modified

February 23, 2026

CWE ID

CWE-79

Source

GitHub

Vendor

npm

Product

svelte

External References

https://github.com/sveltejs/svelte/security/advisories/GHSA-h7h7-mm68-gmrc
https://github.com/advisories/GHSA-h7h7-mm68-gmrc

CVE-2026-27119

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment