Vulnerabilities

CVE-2026-41067

by Fred · 24/04/2026

Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro’s server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline , , or and inject arbitrary HTML/JavaScript. This vulnerability is fixed in 6.1.6.

More information : https://github.com/withastro/astro/security/advisories/GHSA-j687-52p2-xcff

Similar

Tags: Cybersecurity Alert