Prototype Pollution Vulnerability in svgdotjs svg.js by svgdotjs
CVE-2026-15697
5.3MEDIUM
What is CVE-2026-15697?
A vulnerability exists in the svgdotjs svg.js library, specifically within the EventTarget.on function. This flaw leads to insecure manipulation of object prototype attributes, potentially allowing an attacker to execute unwanted modifications. The issue can be exploited remotely, posing significant risks to applications relying on this library. Although the svgdotjs team was notified of the vulnerability, no updates or fixes have been provided yet.
Affected Version(s)
svg.js 3.2.0
svg.js 3.2.1
svg.js 3.2.2
