lxml_html_clean, URL Hijacking, CVE-2026-28350 (Medium)

Listen to this Post

The vulnerability stems from the HTML cleaning library `lxml_html_clean` failing to remove the `` tag in its default configuration. The library’s Cleaner, when initialized with page_structure=True, correctly removes structural tags like <html>, <head>, and `<>` to sanitize page content. However, it lacks specific handling for the `` tag, allowing it to pass through the filter unaltered. The `` tag defines the base URL for all relative links (e.g., <a href="page.html">, <img src="image.jpg">) within a document. By injecting a `` tag, an attacker can hijack the resolution of every relative URL on the page. All subsequent relative links, form submissions, and resource loads are redirected to the attacker-controlled domain, enabling phishing, data exfiltration, or serving of malicious scripts. This attack requires user interaction, such as tricking a user into viewing a page containing the maliciously crafted, uncleaned HTML. The fix, implemented in version 0.4.4, automatically removes any `` tag whenever the `` tag is removed, aligning with HTML specifications that require `` to be a child of `` .
Platform: lxml_html_clean library
Version: Prior to 0.4.4
Vulnerability : Base tag injection
Severity: Medium (6.1)
Date: March 5, 2026

Prediction: Patch already available

What Undercode Say:

How Exploit:

An attacker can exploit this vulnerability by injecting a malicious `` tag into HTML content that is subsequently sanitized by a vulnerable version of `lxml_html_clean` (prior to 0.4.4). For example, if an application uses the library to clean user-submitted HTML for display, the following payload would survive the cleaning process: <base href="https://evil.com/">. When a victim views the page, all relative URLs (e.g., <a href="/dashboard">) will resolve to `https://evil.com/dashboard` instead of the legitimate domain. This could redirect users to a fake login page for credential harvesting.

Protection from this CVE

  1. Immediate Patching: Upgrade the `lxml-html-clean` package to version 0.4.4 or later. This can be done using pip:
    pip install --upgrade lxml-html-clean
    
  2. Verify Installed Version: Check the current version of the library in your environment with:
    pip show lxml-html-clean | grep Version
    

    If the version displayed is 0.4.3 or lower, it is vulnerable.

  3. Manual Configuration (if patching is delayed): As a temporary workaround, you can manually configure the `Cleaner` to explicitly kill the `base` tag. However, this is not a substitute for upgrading.
    from lxml_html_clean import Cleaner
    Explicitly remove the 'base' tag
    cleaner = Cleaner(
    page_structure=True,
    kill_tags={'base'} Add base to the kill list
    )
    cleaned_html = cleaner.clean_html(untrusted_html)
    

Impact

URL Hijacking: An attacker can redirect all relative links on a page to a malicious domain, leading users to phishing sites or pages hosting malware .
Integrity Compromise: Relative paths for scripts, stylesheets, and form actions can be hijacked, allowing an attacker to inject malicious code or steal form data .
Confidentiality Impact: Sensitive information submitted via hijacked forms can be sent to an attacker’s server .

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top