{
  "threat_severity" : "Moderate",
  "public_date" : "2026-02-26T00:57:40Z",
  "bugzilla" : {
    "description" : "svelte: Svelte: Cross-Site Scripting and HTML injection via improper escaping of bind:innerText and bind:textContent",
    "id" : "2442918",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2442918"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
    "status" : "draft"
  },
  "cwe" : "CWE-79",
  "details" : [ "Svelte is a performance-oriented web framework. Prior to version 5.53.5, the contents of `bind:innerText` and `bind:textContent` on `contenteditable` elements were not properly escaped. This could enable HTML injection and Cross-Site Scripting (XSS) when untrusted data is rendered on the server as the binding's initial value. Version 5.53.5 fixes the issue.", "A flaw was found in svelte, a performance-oriented web framework. When rendering untrusted data as the initial value for `bind:innerText` and `bind:textContent` on `contenteditable` elements on the server, the contents were not properly escaped. This improper handling could allow a remote attacker to perform HTML injection and Cross-Site Scripting (XSS), leading to the execution of malicious scripts in the user's browser." ],
  "package_state" : [ {
    "product_name" : "Red Hat Build of Podman Desktop - Tech Preview",
    "fix_state" : "Will not fix",
    "package_name" : "rhdesktop/rh-podman-desktop-ext-bootc-rhel10",
    "cpe" : "cpe:/a:redhat:podman_desktop:0"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-27901\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-27901\nhttps://github.com/sveltejs/svelte/commit/0df5abcae223058ceb95491470372065fb87951d\nhttps://github.com/sveltejs/svelte/releases/tag/svelte%405.53.5\nhttps://github.com/sveltejs/svelte/security/advisories/GHSA-phwv-c562-gvmh" ],
  "name" : "CVE-2026-27901",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}