Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Vulnerability IntelligenceCVE-2026-27119

CVE-2026-27119

MEDIUM5.1

Svelte affected by XSS in SSR `<option>` element

Published Feb 20, 2026

Modified 1 weeks ago

Details

svelte performance oriented web framework. From 5.39.3, <=5.51.4, in certain circumstances, the server-side rendering output of an <option> element does not properly escape its content, potentially allowing HTML injection in the SSR output. Client-side rendering is not affected. This vulnerability is fixed in 5.51.5.

References

https://github.com/sveltejs/svelte/security/advisories/GHSA-h7h7-mm68-gmrc

https://www.cve.org/CVERecord?id=CVE-2026-27119

CVSS Analysis

CVSS v4.0

5.1

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

HighAC:H

Attack Requirements

PresentAT:P

Privileges Required

HighPR:H

User Interaction

NoneUI:N

Vulnerable System

Vuln. Confidentiality

LowVC:L

Vuln. Integrity

NoneVI:N

Vuln. Availability

NoneVA:N

Subsequent System

Subseq. Confidentiality

HighSC:H

Subseq. Integrity

HighSI:H

Subseq. Availability

NoneSA:N

5.1/CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N

Weakness Type (CWE)

Injection

Cross-site Scripting (XSS)

Ecosystems

Timeline

PublishedFeb 20, 2026

ModifiedFeb 23, 2026

CVE-2026-27119 | Mondoo Vulnerability Intelligence