Astro: Reflected XSS via unescaped slot name_CVE-2026-50146

7.1 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

Description

Astro is a web framework. Prior to 6.3.3, when a component uses a client:* directive, Astro inserts named slot content into a data-astro-template attribute without HTML escaping the slot name allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflected XSS during SSR. This vulnerability is fixed in 6.3.3.

Basic Information

ID CVE-2026-50146

Source GitHub_M

Published Jun 22, 2026 at 17:31

Affected Product

Vendor withastro

Product astro

Version < 6.3.3

Affected Versions withastro astro < 6.3.3

CWE Classification

CWE-80

References

github.com /withastro/astro/security/advisories/GHSA-8hv8-536x-4wqp

{
    "lastseen": "",
    "description": "Astro is a web framework. Prior to 6.3.3, when a component uses a client:* directive, Astro inserts named slot content into a data-astro-template attribute without HTML escaping the slot name allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflected XSS during SSR. This vulnerability is fixed in 6.3.3.",
    "published": "2026-06-22T17:31:56.313Z",
    "modified": "2026-06-22T17:31:56.313Z",
    "type": "cve",
    "title": "Astro: Reflected XSS via unescaped slot name",
    "source": "GitHub_M",
    "references": "https://github.com/withastro/astro/security/advisories/GHSA-8hv8-536x-4wqp",
    "id": "CVE-2026-50146",
    "bulletinFamily": "",
    "cwe": [
        "CWE-80"
    ],
    "cvelist": null,
    "sourceData": "withastro astro < 6.3.3",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "astro",
    "version": "< 6.3.3",
    "vendor": "withastro",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}