High severity7.5GHSA Advisory· Published Jun 9, 2026· Updated Jun 11, 2026
CVE-2026-42567
CVE-2026-42567
Description
Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in <svelte:element this={tag}></svelte:element>. This issue has been patched in version 5.55.7.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
sveltenpm | >= 5.51.5, < 5.55.7 | 5.55.7 |
Affected products
3Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-9rmh-mm8f-r9h6ghsaADVISORY
- github.com/sveltejs/svelte/security/advisories/GHSA-9rmh-mm8f-r9h6nvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2026-42567ghsaADVISORY
- github.com/sveltejs/svelte/releases/tag/svelte%405.55.7nvdProductRelease NotesWEB
News mentions
0No linked articles in our index yet.