CVE-2026-27901 — Vulnetix

CVE-2026-27901 PUBLISHED CVSS 5.300000190734863 MEDIUM

Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`

EPSS 0.03% · 10.4th percentile

Risk Scores

CVSS v4.0

5.300000190734863

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N

EPSS Score

0.03%

10.4th percentile

Affected Products

Vendor	Product	Versions
svelte	svelte	0, 5.53.5, 0
sveltejs	svelte	*, < 5.53.5, < 5.53.5
npm	svelte	0, 0, 0

Timeline

Feb 26, 2026 CVE Published
Feb 26, 2026 EPSS Score
Feb 27, 2026 EPSS Score
Feb 27, 2026 PoC Published
Mar 1, 2026 EPSS Score
Mar 2, 2026 EPSS Score
Mar 4, 2026 EPSS Score
Mar 5, 2026 EPSS Score
Mar 7, 2026 EPSS Score
Mar 8, 2026 EPSS Score
Mar 9, 2026 Security Advisory
Mar 10, 2026 EPSS Score

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›