{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/lxml/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["lxml \u003c= 6.1.0","lxml_html_clean \u003c 0.4.5","lxml.html.clean"],"_cs_severities":["high"],"_cs_tags":["xss","vulnerability","python","web-application","html-sanitization"],"_cs_type":"advisory","_cs_vendors":["lxml","lxml_html_clean"],"content_html":"\u003cp\u003eA critical vulnerability (CVE-2026-49825) has been identified in the \u003ccode\u003elxml_html_clean.Cleaner\u003c/code\u003e library (versions \u003ccode\u003e\u0026lt;= 0.4.4\u003c/code\u003e) and the legacy \u003ccode\u003elxml.html.clean\u003c/code\u003e module within \u003ccode\u003elxml\u003c/code\u003e (versions \u003ccode\u003e\u0026lt;= 6.1.0\u003c/code\u003e). This flaw allows \u003ccode\u003ejavascript:\u003c/code\u003e, \u003ccode\u003evbscript:\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e URLs to bypass HTML sanitization when present in namespaced attributes, specifically \u003ccode\u003exlink:href\u003c/code\u003e, and when the \u003ccode\u003eCleaner\u003c/code\u003e is instantiated with \u003ccode\u003esafe_attrs_only=False\u003c/code\u003e. The root cause is \u003ccode\u003elxml\u003c/code\u003e's \u003ccode\u003edefs.link_attrs\u003c/code\u003e allow-list, which \u003ccode\u003eiterlinks()\u003c/code\u003e relies on, not including \u003ccode\u003exlink:href\u003c/code\u003e, preventing the \u003ccode\u003e_remove_javascript_link\u003c/code\u003e function from being invoked for these attributes. This enables stored Cross-Site Scripting (XSS) attacks in web applications that use these libraries for sanitizing user-supplied HTML, potentially leading to client-side code execution in victim browsers. The bug affects applications that aim for lenient attribute handling but still expect URL scheme scrubbing.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious HTML payload containing a \u003ccode\u003ejavascript:\u003c/code\u003e URL embedded within an \u003ccode\u003exlink:href\u003c/code\u003e attribute, such as \u003ccode\u003e\u0026lt;svg\u0026gt;\u0026lt;a xlink:href=\u0026quot;javascript:alert(document.domain)\u0026quot;\u0026gt;click me\u0026lt;/a\u0026gt;\u0026lt;/svg\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker submits this malicious HTML to a web application (e.g., a forum post, comment section) that uses \u003ccode\u003elxml_html_clean.Cleaner\u003c/code\u003e or \u003ccode\u003elxml.html.clean\u003c/code\u003e to sanitize user input.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eCleaner\u003c/code\u003e instance is configured with \u003ccode\u003esafe_attrs_only=False\u003c/code\u003e, a documented option for allowing custom attributes while still expecting URL scheme scrubbing.\u003c/li\u003e\n\u003cli\u003eDue to the vulnerability (CVE-2026-49825), the \u003ccode\u003eCleaner\u003c/code\u003e fails to identify and strip the \u003ccode\u003ejavascript:\u003c/code\u003e URL from the \u003ccode\u003exlink:href\u003c/code\u003e attribute because it's not present in its internal \u003ccode\u003elink_attrs\u003c/code\u003e allow-list.\u003c/li\u003e\n\u003cli\u003eThe unsanitized malicious HTML payload is successfully stored in the application's database or file system.\u003c/li\u003e\n\u003cli\u003eA legitimate user accesses the web application page containing the stored malicious content, and their browser renders the SVG or MathML anchor element.\u003c/li\u003e\n\u003cli\u003eThe user clicks on the rendered link.\u003c/li\u003e\n\u003cli\u003eThe browser executes the embedded \u003ccode\u003ejavascript:\u003c/code\u003e URL in the context of the victim's domain, leading to client-side code execution (Stored XSS). This can result in session hijacking, data exfiltration, or further attacks.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-49825 leads to stored Cross-Site Scripting (XSS), allowing attackers to execute arbitrary JavaScript in the context of a victim's browser session. This can result in sensitive data theft (e.g., session cookies, credentials), defacement of web pages, redirection to malicious sites, or further client-side attacks. The severity is rated as 8.2 / High (CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N), emphasizing that the vulnerability is network-exploitable with low attack complexity, requires user interaction (clicking the link), but changes the security scope and can lead to high confidentiality impact. Exploitation is conditional on the \u003ccode\u003esafe_attrs_only=False\u003c/code\u003e configuration.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately update \u003ccode\u003elxml_html_clean\u003c/code\u003e to version \u003ccode\u003e0.4.5\u003c/code\u003e or higher to remediate CVE-2026-49825, which addresses the flaw in URL scheme stripping.\u003c/li\u003e\n\u003cli\u003eIf still using \u003ccode\u003elxml.html.clean\u003c/code\u003e, ensure your \u003ccode\u003elxml\u003c/code\u003e library version incorporates the fix for CVE-2026-49825, or switch to the maintained \u003ccode\u003elxml_html_clean\u003c/code\u003e library.\u003c/li\u003e\n\u003cli\u003eReview all instances of \u003ccode\u003elxml_html_clean.Cleaner\u003c/code\u003e or \u003ccode\u003elxml.html.clean\u003c/code\u003e instantiation within your applications, especially those configured with \u003ccode\u003esafe_attrs_only=False\u003c/code\u003e, to ensure they are adequately sanitizing all user-supplied HTML.\u003c/li\u003e\n\u003cli\u003eImplement Content Security Policies (CSPs) with strict \u003ccode\u003escript-src\u003c/code\u003e directives to mitigate the impact of any successful XSS attempts, even if this vulnerability is exploited.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-08T20:28:11Z","date_published":"2026-07-08T20:28:11Z","id":"https://feed.craftedsignal.io/briefs/2026-07-lxml-xss-bypass/","summary":"The `lxml_html_clean.Cleaner` Python library, and the `lxml.html.clean` module in `lxml`, fails to strip `javascript:`, `vbscript:`, and `data:` URLs from namespaced attributes like `xlink:href` when configured with `safe_attrs_only=False`. This vulnerability, identified as CVE-2026-49825, is a form of stored Cross-Site Scripting (XSS) that allows malicious JavaScript to bypass sanitization, enabling client-side code execution if an application processes and renders untrusted HTML containing such payloads.","title":"`lxml_html_clean` `javascript:` URL Bypass via `xlink:href` (CVE-2026-49825)","url":"https://feed.craftedsignal.io/briefs/2026-07-lxml-xss-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed - Lxml","version":"https://jsonfeed.org/version/1.1"}