CVE-2026-27121 — Vulnetix

CVE-2026-27121 PUBLISHED CVSS 5.099999904632568 MEDIUM

Svelte affected by cross-site scripting via spread attributes in Svelte SSR

EPSS 0.01% · 1.4th percentile

Risk Scores

CVSS v4.0

5.099999904632568

CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N

EPSS Score

0.01%

1.4th percentile

Affected Products

Vendor	Product	Versions
sveltejs	svelte	*, < 5.51.5
npm	svelte	0, 0
svelte	svelte	0, 0

Timeline

Feb 19, 2026 CVE Published
Feb 21, 2026 EPSS Score
Feb 23, 2026 CVE Updated
Feb 23, 2026 EPSS Score
Feb 24, 2026 EPSS Score
Feb 26, 2026 EPSS Score
Feb 27, 2026 EPSS Score
Mar 1, 2026 EPSS Score
Mar 3, 2026 EPSS Score
Mar 4, 2026 EPSS Score
Mar 6, 2026 EPSS Score
Mar 8, 2026 EPSS Score

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›