CVE-2026-15697 | svgdotjs svg.js up to 3.2.5 npm Package API svgdotjs/svg.js EventTarget.on prototype pollution (Issue 1343)
A vulnerability was found in svgdotjs svg.js up to 3.2.5. It has been classified as critical. This affects the function EventTarget.on of the file svgdotjs/svg.js of the component npm Package API. Performing a manipulation results in improperly controlled modification of object prototype attributes.
This vulnerability was named CVE-2026-15697. The attack may be initiated remotely. In addition, an exploit is available.
The project was informed of the problem early through an issue report but has not responded yet.