{"id":"CVE-2026-42567","summary":"Svelte: ReDoS in `\u003csvelte:element\u003e` Tag Validation","details":"Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in \u003csvelte:element this={tag}\u003e\u003c/svelte:element\u003e. This issue has been patched in version 5.55.7.","aliases":["GHSA-9rmh-mm8f-r9h6"],"modified":"2026-07-08T08:13:25.764217955Z","published":"2026-06-09T16:22:22.703Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/42xxx/CVE-2026-42567.json","cwe_ids":["CWE-1333"],"cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://github.com/sveltejs/svelte/releases/tag/svelte%405.55.7"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/42xxx/CVE-2026-42567.json"},{"type":"ADVISORY","url":"https://github.com/sveltejs/svelte/security/advisories/GHSA-9rmh-mm8f-r9h6"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42567"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sveltejs/svelte","events":[{"introduced":"8ea33bf7fe86d0d53cbe4104419cda9b4bb0442f"},{"fixed":"4d8f99a2709e3c02e48d8bc6c77458f4ba49d0e3"}],"database_specific":{"source":["AFFECTED_FIELD","CPE_RANGE","REFERENCES"],"cpe":"cpe:2.3:a:svelte:svelte:*:*:*:*:*:node.js:*:*","extracted_events":[{"introduced":"5.51.5"},{"fixed":"5.55.7"}]}}],"versions":["svelte@5.55.6","svelte@5.55.5","svelte@5.55.4","svelte@5.55.3","svelte@5.55.2","svelte@5.55.1","svelte@5.55.0","svelte@5.54.1","svelte@5.54.0","svelte@5.53.13","svelte@5.53.12","svelte@5.53.11","svelte@5.53.10","svelte@5.53.9","svelte@5.53.8","svelte@5.53.7","svelte@5.53.6","svelte@5.53.5","svelte@5.53.4","svelte@5.53.3","svelte@5.53.2","svelte@5.53.1","svelte@5.53.0","svelte@5.52.0","svelte@5.51.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-42567.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}]}