Sign In

CVE-2026-42573

ADVISORY - github

Summary

Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks.

You are vulnerable if all of the following is true:

  • you are using attribute spreading on a form element
  • you are using attribute spreading or allow a dynamic value for the name attribute on an input or button element within that form
  • both of these are simultaneously user-controllable
<form {...spread1}>
  <input {...spread2}>
</form>

Common Weakness Enumeration (CWE)

ADVISORY - github

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in