PT-2026-22989 · Unknown · Lxml Html Clean
Uug4Na · Published 2026-02-27 · Updated 2026-03-11 · CVE-2026-28348
CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: lxml html clean versions prior to 0.4.4
Description: The _has_sneaky_javascript() method in lxml html clean incorrectly strips backslashes before checking for dangerous CSS keywords. This allows CSS Unicode escape sequences to bypass the @import and expression() filters, potentially enabling external CSS loading or cross-site scripting (XSS) in older browsers. The root cause is a faulty backslash stripping operation in the clean.py file, around line 594. Specifically, the line style = style.replace('\\', '') transforms payloads like @\69mport into @69mport, which bypasses the blacklist. Modern browsers interpret \69 as the character 'i' according to the CSS specification, so the @import statement is still executed. The same stripping also defeats the detection of expression(), posing a risk in older versions of Internet Explorer. A proof of concept demonstrates that a normally blocked @import statement can be successfully executed using the Unicode escape bypass. This could lead to data exfiltration through attribute selectors, UI redressing, and phishing attacks. In older browsers, it could enable full XSS via the expression() function.
Recommendations: Versions prior to 0.4.4 should be updated to version 0.4.4 or later.
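The defect described above comes down to normalising a style string in a way the browser does not: deleting backslashes hides the escape from the filter while the browser still decodes it. The following is an added example written for this entry, not code from lxml html clean; the keyword list and the helper names are assumptions. It places the flawed "strip backslashes, then search" check beside a check that decodes CSS escapes the way a CSS tokenizer does before searching, so a reviewer or test suite can see which inputs each one catches.

```python
import re

# Constructed keyword list for illustration; it mirrors the constructs named in
# the advisory and is NOT lxml_html_clean's own blacklist.
DANGEROUS_CSS = ("@import", "expression(", "javascript:")

# CSS escape: backslash + 1..6 hex digits (+ one optional whitespace char that
# terminates the escape), or backslash + any other single character.
_CSS_ESCAPE = re.compile(r"\\([0-9a-fA-F]{1,6})[ \t\n\r\f]?|\\(.)", re.DOTALL)


def decode_css_escapes(style: str) -> str:
    """Resolve CSS escapes as a browser's tokenizer would: '\\69' -> 'i',
    '\\x' -> 'x'. Invalid code points become U+FFFD, per the CSS Syntax spec."""
    def repl(m: re.Match) -> str:
        if m.group(1) is not None:
            cp = int(m.group(1), 16)
            if cp == 0 or cp > 0x10FFFF or 0xD800 <= cp <= 0xDFFF:
                return "\ufffd"
            return chr(cp)
        return m.group(2)
    return _CSS_ESCAPE.sub(repl, style)


def naive_check(style: str) -> bool:
    """The flawed pattern from the advisory (hypothetical reconstruction):
    drop every backslash, then look for keywords. '@\\69mport' turns into
    '@69mport' and is never matched."""
    stripped = style.replace("\\", "").lower()
    return any(k in stripped for k in DANGEROUS_CSS)


def hardened_check(style: str) -> bool:
    """Decode escapes first so the filter sees the same text the browser
    will; then strip comments and whitespace that could split a keyword."""
    decoded = decode_css_escapes(style)
    decoded = re.sub(r"/\*.*?\*/", "", decoded, flags=re.DOTALL)
    decoded = re.sub(r"\s+", "", decoded).lower()
    return any(k in decoded for k in DANGEROUS_CSS)


if __name__ == "__main__":
    # Constructed sample style values: a benign one, a plain @import, and the
    # escaped form from the advisory.
    samples = ["color: red", "@import url(x.css)", "@\\69mport url(x.css)"]
    for s in samples:
        print(f"{s!r:32} naive={naive_check(s)!s:5} hardened={hardened_check(s)}")
```

The hardened form is a detection rule, not a sanitiser: a cleaner that must keep the style attribute should re-serialise the decoded, comment-free text rather than pass the original string through, otherwise the check and the browser can still disagree on some other normalisation.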

Weakness Enumeration: Improper Encoding or Escaping of Output

Related Identifiers:
BDU:2026-07380
CVE-2026-28348
GHSA-HW26-MMPG-FQFG
OPENSUSE-SU-2026:10322-1
OPENSUSE-SU-2026:20345-1

Affected Products: Lxml Html Clean