Prototype Pollution Vulnerability in svgdotjs svg.js by svgdotjs
CVE-2026-15697

5.3MEDIUM

Key Information:

Vendor

Svgdotjs

Status
Vendor
CVE Published:
14 July 2026

What is CVE-2026-15697?

A vulnerability exists in the svgdotjs svg.js library, specifically within the EventTarget.on function. This flaw leads to insecure manipulation of object prototype attributes, potentially allowing an attacker to execute unwanted modifications. The issue can be exploited remotely, posing significant risks to applications relying on this library. Although the svgdotjs team was notified of the vulnerability, no updates or fixes have been provided yet.

Affected Version(s)

svg.js 3.2.0

svg.js 3.2.1

svg.js 3.2.2

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

wjm1 (VulDB User)
VulDB CNA Team
.