Description
KaTeX users who render untrusted mathematical expressions with renderToString could encounter malicious input using \htmlData that runs arbitrary JavaScript, or generate invalid HTML.
Recommendation
Update the katex package to the latest compatible version. Followings are version details:
- Affected version(s): >= 0.12.0, <= 0.16.20
- Patched version(s): 0.16.21
References
Related Issues
- Svelte SSR does not validate dynamic element tag names in `<svelte:element>` - CVE-2026-27122
- Payload does not invalidate JWTs after log out - CVE-2025-4643
- Payload does not invalidate JWTs after log out (GHSA-5v66-m237-hwf7) - CVE-2025-4643
- Payload does not invalidate JWTs after log out (GHSA-5v66-m237-hwf7) 2 - CVE-2025-4643
- Tags:
- npm
- katex
Anything's wrong? Let us know Last updated on September 10, 2025