CVE-2026-28350— lxml_html_clean: <base> tag injection through default Cleaner configuration
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-28350
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
lxml_html_clean: <base> tag injection through default Cleaner configuration
Source: NVD (National Vulnerability Database)
Vulnerability Description
lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, the <base> tag passes through the default Cleaner configuration. While page_structure=True removes html, head, and title tags, there is no specific handling for <base>, allowing an attacker to inject it and hijack relative links on the page. This issue has been patched in version 0.4.4.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
对输出编码和转义不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
lxml_html_clean 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
lxml_html_clean是Fedora Python SIG开源的一个从 lxml.HTML.clean 复制的 HTML 清理功能的单独项目。 lxml_html_clean 0.4.4之前版本存在安全漏洞,该漏洞源于base标签通过默认Cleaner配置,可能导致攻击者注入该标签并劫持页面上的相对链接。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| fedora-python | lxml_html_clean | < 0.4.4 | - |
II. Public POCs for CVE-2026-28350
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-28350
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same weakness: CWE-116
- CVE-2026-42810
Apache Polaris: could broaden vended S3 credentials through - CVE-2026-42040
Axios: Null Byte Injection via Reverse-Encoding in AxiosURLS - CVE-2026-40567
FreeScout has HTML Injection in Outgoing Emails via Unsaniti - CVE-2026-6058
Zyxel WRE6505 安全漏洞 - CVE-2026-20136
Cisco Identity Services Engine Authenticated Privilege Escal
V. Comments for CVE-2026-28350
No comments yet