{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28350", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-26T18:38:13.890Z", "datePublished": "2026-03-05T19:49:55.662Z", "dateUpdated": "2026-03-06T17:05:13.841Z"}, "containers": {"cna": {"title": "lxml_html_clean: <base> tag injection through default Cleaner configuration", "problemTypes": [{"descriptions": [{"cweId": "CWE-116", "lang": "en", "description": "CWE-116: Improper Encoding or Escaping of Output", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-xvp8-3mhv-424c", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-xvp8-3mhv-424c"}, {"name": "https://github.com/fedora-python/lxml_html_clean/commit/9c5612ca33b941eec4178abf8a5294b103403f34", "tags": ["x_refsource_MISC"], "url": "https://github.com/fedora-python/lxml_html_clean/commit/9c5612ca33b941eec4178abf8a5294b103403f34"}], "affected": [{"vendor": "fedora-python", "product": "lxml_html_clean", "versions": [{"version": "< 0.4.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-05T19:49:55.662Z"}, "descriptions": [{"lang": "en", "value": "lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, the <base> tag passes through the default Cleaner configuration. While page_structure=True removes html, head, and title tags, there is no specific handling for <base>, allowing an attacker to inject it and hijack relative links on the page. This issue has been patched in version 0.4.4."}], "source": {"advisory": "GHSA-xvp8-3mhv-424c", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-xvp8-3mhv-424c", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-06T17:05:07.014572Z", "id": "CVE-2026-28350", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-06T17:05:13.841Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28350", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-06T17:05:07.014572Z"}}}], "references": [{"url": "https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-xvp8-3mhv-424c", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-06T17:04:58.691Z"}}], "cna": {"title": "lxml_html_clean: <base> tag injection through default Cleaner configuration", "source": {"advisory": "GHSA-xvp8-3mhv-424c", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "fedora-python", "product": "lxml_html_clean", "versions": [{"status": "affected", "version": "< 0.4.4"}]}], "references": [{"url": "https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-xvp8-3mhv-424c", "name": "https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-xvp8-3mhv-424c", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/fedora-python/lxml_html_clean/commit/9c5612ca33b941eec4178abf8a5294b103403f34", "name": "https://github.com/fedora-python/lxml_html_clean/commit/9c5612ca33b941eec4178abf8a5294b103403f34", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, the <base> tag passes through the default Cleaner configuration. While page_structure=True removes html, head, and title tags, there is no specific handling for <base>, allowing an attacker to inject it and hijack relative links on the page. This issue has been patched in version 0.4.4."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-116", "description": "CWE-116: Improper Encoding or Escaping of Output"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-05T19:49:55.662Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28350", "state": "PUBLISHED", "dateUpdated": "2026-03-06T17:05:13.841Z", "dateReserved": "2026-02-26T18:38:13.890Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-05T19:49:55.662Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fedoralovespython:lxml_html_clean:*:*:*:*:*:python:*:*", "matchCriteriaId": "A0BBE70C-C635-4143-83FD-87D7D95B37DD", "versionEndExcluding": "0.4.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, the <base> tag passes through the default Cleaner configuration. While page_structure=True removes html, head, and title tags, there is no specific handling for <base>, allowing an attacker to inject it and hijack relative links on the page. This issue has been patched in version 0.4.4."}, {"lang": "es", "value": "lxml_html_clean es un proyecto para funcionalidades de limpieza de HTML copiadas de 'lxml.html.clean'. Antes de la versi\u00f3n 0.4.4, la etiqueta pasa a trav\u00e9s de la configuraci\u00f3n predeterminada de Cleaner. Aunque page_structure=True elimina las etiquetas html, head y title, no hay un manejo espec\u00edfico para , permitiendo a un atacante inyectarla y secuestrar enlaces relativos en la p\u00e1gina. Este problema ha sido parcheado en la versi\u00f3n 0.4.4."}], "id": "CVE-2026-28350", "lastModified": "2026-03-09T20:55:26.037", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-05T20:16:16.333", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/fedora-python/lxml_html_clean/commit/9c5612ca33b941eec4178abf8a5294b103403f34"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-xvp8-3mhv-424c"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-xvp8-3mhv-424c"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-116"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.4.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "lxml_html_clean", "vendor": "fedora-python"}], "analysis": {"en": {"generated_at": "2026-04-16T12:11:11.827855+00:00", "value": {"mitigation_remediation": ["Update lxml_html_clean to version 0.4.4 or later, which removes the <base> tag from cleaned output.", "Verify that the Cleaner configuration in the application does not allow <base> tags through; explicitly disable or strip base elements if using an older version.", "If upgrading is not possible, remove the <base> tag from the input or modify the Cleaner to exclude base elements before proceeding with cleanup."], "summary": {"action": "Patch Update", "impact": "Hijack of relative URLs via injected <base> tags"}, "threat_synthesis": {"affected_systems": "fedora-python\u2019s lxml_html_clean package is impacted. Versions prior to 0.4.4, including the default configuration used by applications relying on the library, are vulnerable. The issue is resolved in 0.4.4 and later.", "description_and_impact": "An attacker can inject a <base> element into HTML processed by lxml_html_clean because the default Cleaner configuration does not remove it. Once in place, all relative URLs in the page resolve to the attacker\u2011supplied base, allowing malicious links or redirects. The flaw is identified as CWE\u2011116 and results in a moderate risk of phishing or compromised navigation for users.", "risk_and_exploitability": "The CVSS score of 6.1 indicates a medium\u2011to\u2011high severity. The EPSS score of less than 1\u202f% suggests that exploitation is unlikely but not impossible. The vulnerability is not listed in the CISA KEV catalog, and no commercial exploit is known. Attackers could exploit the flaw by submitting malicious HTML content to any application that imports lxml_html_clean with the default Cleaner settings, thereby hijacking relative links."}}}}, "created": "2026-03-06T15:01:10.290355+00:00", "updated": "2026-04-16T12:15:35.093406+00:00", "vendors": ["fedora-python", "fedora-python$PRODUCT$lxml_html_clean"]}