A vulnerability was found in withastro astro up to 6.4.5 . It has been classified as problematic . This issue affects the function spreadAttributes . Performing a manipulation results in cross site scripting. This vulnerability was named CVE-2026-54298 . The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.