CVE-2026-15697
Publication date 14 July 2026
Last updated 16 July 2026
Ubuntu priority
Cvss 3 Severity Score
Description
A vulnerability was found in svgdotjs svg.js up to 3.2.5. This affects the function EventTarget.on of the file svgdotjs/svg.js of the component npm Package API. Performing a manipulation results in improperly controlled modification of object prototype attributes. The attack may be initiated remotely. The project was informed of the problem early through an issue report but has not responded yet.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| node-svgdotjs-svg.js | 26.04 LTS resolute |
Needs evaluation
|
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release |
Severity score breakdown
CVSS version:
Base score
2.1 · Low
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Base score
6.3 · Medium
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L