CVE-2026-27901 | sveltejs svelte up to 5.53.4 bind:innerText/bind:textContent cross site scripting (GHSA-phwv-c562-gvmh)

Inserito da Angelo Barbosa | Feb 26, 2026 | CVE

A vulnerability was found in sveltejs svelte up to 5.53.4 and classified as problematic. This affects an unknown function. Such manipulation of the argument bind:innerText/bind:textContent leads to cross site scripting.

This vulnerability is referenced as CVE-2026-27901. It is possible to launch the attack remotely. No exploit is available.

It is suggested to upgrade the affected component.

CVE-2026-27901 | sveltejs svelte up to 5.53.4 bind:innerText/bind:textContent cross site scripting (GHSA-phwv-c562-gvmh)

Post correlati

CVE-2024-5196 | Arris VAP2500 08.50 /tools_command.php cmb_header/txt_command command injection

CVE-2025-5941 | Netskope Client up to 128.0.0 NS Client out-of-bounds (nskpsa-2025-001)

CVE-2023-6241 | ARM Midgard GPU Kernel Driver use after free

CVE-2021-27917 | Mautic up to 4.4.12/5.1.0 Report cross site scripting (GHSA-xpc5-rr39-v8v2)