CVE-2026-27121

medium

Red Hat

CVSS v3 Base Score

5.6

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score

0.0%

Exploitation probability in 30 days

Top 92% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Confidentiality

Low

Integrity

Low

Availability

Low

Published: February 20, 2026 (82 days ago)

Last Modified: February 20, 2026

Vendor: Red Hat

Description

svelte performance oriented web framework. Versions of svelte prior to 5.51.5 are vulnerable to cross-site scripting (XSS) during server-side rendering. When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an attacker can inject malicious event handlers that execute in victims' browsers. This vulnerability is fixed in 5.51.5.

CWE

CWE-79

Affected Products

Red Hat Build of Podman Desktop - Tech Preview

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 github.com

CVE-2026-27121

Vulnerability Report

Description

CWE

Affected Products

References