<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Lxml.html.clean - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/lxml.html.clean/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Wed, 08 Jul 2026 20:28:11 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/lxml.html.clean/feed.xml" rel="self" type="application/rss+xml"/><item><title>`lxml_html_clean` `javascript:` URL Bypass via `xlink:href` (CVE-2026-49825)</title><link>https://feed.craftedsignal.io/briefs/2026-07-lxml-xss-bypass/</link><pubDate>Wed, 08 Jul 2026 20:28:11 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-lxml-xss-bypass/</guid><description>The `lxml_html_clean.Cleaner` Python library, and the `lxml.html.clean` module in `lxml`, fails to strip `javascript:`, `vbscript:`, and `data:` URLs from namespaced attributes like `xlink:href` when configured with `safe_attrs_only=False`. This vulnerability, identified as CVE-2026-49825, is a form of stored Cross-Site Scripting (XSS) that allows malicious JavaScript to bypass sanitization, enabling client-side code execution if an application processes and renders untrusted HTML containing such payloads.</description><content:encoded><![CDATA[<p>A critical vulnerability (CVE-2026-49825) has been identified in the <code>lxml_html_clean.Cleaner</code> library (versions <code>&lt;= 0.4.4</code>) and the legacy <code>lxml.html.clean</code> module within <code>lxml</code> (versions <code>&lt;= 6.1.0</code>). This flaw allows <code>javascript:</code>, <code>vbscript:</code>, and <code>data:</code> URLs to bypass HTML sanitization when present in namespaced attributes, specifically <code>xlink:href</code>, and when the <code>Cleaner</code> is instantiated with <code>safe_attrs_only=False</code>. The root cause is <code>lxml</code>'s <code>defs.link_attrs</code> allow-list, which <code>iterlinks()</code> relies on, not including <code>xlink:href</code>, preventing the <code>_remove_javascript_link</code> function from being invoked for these attributes. This enables stored Cross-Site Scripting (XSS) attacks in web applications that use these libraries for sanitizing user-supplied HTML, potentially leading to client-side code execution in victim browsers. The bug affects applications that aim for lenient attribute handling but still expect URL scheme scrubbing.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker crafts a malicious HTML payload containing a <code>javascript:</code> URL embedded within an <code>xlink:href</code> attribute, such as <code>&lt;svg&gt;&lt;a xlink:href=&quot;javascript:alert(document.domain)&quot;&gt;click me&lt;/a&gt;&lt;/svg&gt;</code>.</li>
<li>The attacker submits this malicious HTML to a web application (e.g., a forum post, comment section) that uses <code>lxml_html_clean.Cleaner</code> or <code>lxml.html.clean</code> to sanitize user input.</li>
<li>The <code>Cleaner</code> instance is configured with <code>safe_attrs_only=False</code>, a documented option for allowing custom attributes while still expecting URL scheme scrubbing.</li>
<li>Due to the vulnerability (CVE-2026-49825), the <code>Cleaner</code> fails to identify and strip the <code>javascript:</code> URL from the <code>xlink:href</code> attribute because it's not present in its internal <code>link_attrs</code> allow-list.</li>
<li>The unsanitized malicious HTML payload is successfully stored in the application's database or file system.</li>
<li>A legitimate user accesses the web application page containing the stored malicious content, and their browser renders the SVG or MathML anchor element.</li>
<li>The user clicks on the rendered link.</li>
<li>The browser executes the embedded <code>javascript:</code> URL in the context of the victim's domain, leading to client-side code execution (Stored XSS). This can result in session hijacking, data exfiltration, or further attacks.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-49825 leads to stored Cross-Site Scripting (XSS), allowing attackers to execute arbitrary JavaScript in the context of a victim's browser session. This can result in sensitive data theft (e.g., session cookies, credentials), defacement of web pages, redirection to malicious sites, or further client-side attacks. The severity is rated as 8.2 / High (CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N), emphasizing that the vulnerability is network-exploitable with low attack complexity, requires user interaction (clicking the link), but changes the security scope and can lead to high confidentiality impact. Exploitation is conditional on the <code>safe_attrs_only=False</code> configuration.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Immediately update <code>lxml_html_clean</code> to version <code>0.4.5</code> or higher to remediate CVE-2026-49825, which addresses the flaw in URL scheme stripping.</li>
<li>If still using <code>lxml.html.clean</code>, ensure your <code>lxml</code> library version incorporates the fix for CVE-2026-49825, or switch to the maintained <code>lxml_html_clean</code> library.</li>
<li>Review all instances of <code>lxml_html_clean.Cleaner</code> or <code>lxml.html.clean</code> instantiation within your applications, especially those configured with <code>safe_attrs_only=False</code>, to ensure they are adequately sanitizing all user-supplied HTML.</li>
<li>Implement Content Security Policies (CSPs) with strict <code>script-src</code> directives to mitigate the impact of any successful XSS attempts, even if this vulnerability is exploited.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>xss</category><category>vulnerability</category><category>python</category><category>web-application</category><category>html-sanitization</category></item></channel></rss>