The SentinelOne Annual Threat Report - A Defenders Guide from the FrontlinesThe SentinelOne Annual Threat ReportGet the Report
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • AI Data Pipelines
      Security Data Pipeline for AI SIEM and Data Optimization
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2026-41672

CVE-2026-41672: xmldom XXE Vulnerability

CVE-2026-41672 is an XXE vulnerability in xmldom, a JavaScript XML DOM parser, allowing attackers to inject arbitrary XML nodes through comment content. This article covers technical details, affected versions, and mitigation.

Published: May 7, 2026

CVE-2026-41672 Overview

CVE-2026-41672 is an XML injection vulnerability in @xmldom/xmldom, a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. The package fails to validate or neutralize comment-breaking sequences when serializing attacker-controlled comment content into XML. An attacker can terminate a comment early using --> and inject arbitrary XML nodes into the serialized output. The flaw is tracked under [CWE-91] (XML Injection) and affects @xmldom/xmldom prior to versions 0.9.10 and 0.8.13, as well as the legacy xmldom package version 0.6.0 and earlier.

Critical Impact

Attackers can inject arbitrary XML structure into serialized documents, breaking integrity guarantees for downstream XML consumers including signature validators, configuration parsers, and SAML processors.

Affected Products

  • @xmldom/xmldom versions prior to 0.9.10
  • @xmldom/xmldom versions prior to 0.8.13
  • xmldom version 0.6.0 and prior (legacy package)

Discovery Timeline

  • 2026-05-07 - CVE-2026-41672 published to NVD
  • 2026-05-07 - Last updated in NVD database

Technical Details for CVE-2026-41672

Vulnerability Analysis

The vulnerability resides in the comment serialization path of the XMLSerializer. When a Comment node's data property contains the sequence -->, the serializer emits the data verbatim between <!-- and --> delimiters. The premature --> terminates the comment, and any subsequent text is parsed as XML markup by downstream consumers.

This breaks the integrity of the serialized document. An attacker controlling comment content can inject elements, attributes, or processing instructions that were never part of the original DOM. Applications that round-trip XML through xmldom — including SAML assertion processors, SOAP middleware, and configuration loaders — may execute logic against attacker-controlled nodes.

Root Cause

The root cause is missing output validation in the comment serialization routine. The W3C DOM Parsing specification (§3.2.1.3) requires that when requireWellFormed is true, the serializer throw InvalidStateError if comment data contains --, ends with -, or contains characters outside the XML Char production. The vulnerable versions did not enforce this check, allowing comment-breaking sequences to pass through unvalidated.

Attack Vector

The attack vector is network-accessible and requires no authentication or user interaction. An attacker submits XML or DOM input where comment content includes --> followed by injected markup. When the application serializes the DOM, the injected XML appears as legitimate structure in the output stream.

typescript
// Patch excerpt from index.d.ts — comment validation contract
/** Options accepted by `XMLSerializer.prototype.serializeToString`. */
interface XMLSerializerOptions {
    /**
     * When `true`, the serializer throws a DOMException with code `INVALID_STATE_ERR` if:
     * - A CDATASection node's data contains `"]]>"`.
     * - A Comment node's data contains `"-->"` (the injection sequence that terminates a
     *   comment). Comments whose data contains `"--"` but not `"-->"` are accepted on this
     *   branch — the 0.8.x parser does not validate bare `"--"` in comment content.
     *
     * @default false
     */
}
// Source: https://github.com/xmldom/xmldom/commit/b397540889086da868c30c366ad5c220d1a750c7
javascript
// Patch excerpt from lib/dom.js — createComment documentation
/**
 * @param {string} data
 * @returns {Comment}
 * @see https://dom.spec.whatwg.org/#dom-document-createcomment
 * @see https://www.w3.org/TR/xml/#NT-Comment XML 1.0 production [15]
 * @see https://www.w3.org/TR/DOM-Parsing/#dfn-concept-serialize-xml §3.2.1.3
 *
 *      Note: no validation is performed at creation time. When the resulting document is
 *      serialized with `requireWellFormed: true`, the serializer throws `InvalidStateError`
 *      if the comment data contains `--` anywhere, ends with `-`, or contains characters
 *      outside the XML Char production (W3C DOM Parsing §3.2.1.3). Without that option the
 *      data is emitted verbatim.
 */
createComment: function (data) {
    var node = new Comment(PDC);
}
// Source: https://github.com/xmldom/xmldom/commit/fda7cc313de30243fea35cada64e0bb12099c2a1

Detection Methods for CVE-2026-41672

Indicators of Compromise

  • XML output containing comment data with embedded --> followed by additional element markup.
  • Serialized documents where comment nodes are followed by unexpected sibling elements not present in the source DOM.
  • Application logs showing parser warnings about unbalanced comment delimiters or duplicate elements after round-trip serialization.

Detection Strategies

  • Inventory Node.js applications and dependency manifests (package.json, package-lock.json, yarn.lock) for @xmldom/xmldom and xmldom package references at vulnerable versions.
  • Scan XML processing pipelines for use of XMLSerializer.serializeToString without the requireWellFormed: true option.
  • Add unit tests that round-trip XML containing comments with --> payloads and assert that serialization either throws or escapes the sequence.

Monitoring Recommendations

  • Monitor outbound XML payloads from services using xmldom for unexpected structural changes between input and output.
  • Log and alert on InvalidStateError exceptions raised by the patched serializer, which indicate attempted comment injection.
  • Track Software Bill of Materials (SBOM) drift to detect reintroduction of vulnerable xmldom versions during dependency updates.

How to Mitigate CVE-2026-41672

Immediate Actions Required

  • Upgrade @xmldom/xmldom to version 0.9.10 or 0.8.13 immediately. See the GitHub Security Advisory GHSA-j759-j44w-7fr8.
  • Migrate off the legacy xmldom package, which is unmaintained, to the @xmldom/xmldom fork at a patched version.
  • Audit all code paths that accept untrusted XML input or untrusted strings passed to document.createComment().

Patch Information

Maintainers released fixes in @xmldom/xmldom 0.9.10 and @xmldom/xmldom 0.8.13. The patches were merged via Pull Request #987 and commits b397540 and fda7cc3. The fix causes the serializer to throw InvalidStateError when comment data contains --> and requireWellFormed is enabled.

Workarounds

  • Set requireWellFormed: true when calling XMLSerializer.prototype.serializeToString after upgrading, so injection attempts raise exceptions rather than emit malformed XML.
  • Sanitize untrusted strings before passing them to document.createComment() by rejecting any input containing --, trailing -, or non-XML Char codepoints.
  • Validate serialized XML output against an expected schema before forwarding to downstream consumers such as signature verifiers or SAML processors.
bash
# Upgrade to a patched release
npm install @xmldom/xmldom@0.9.10
# or for the 0.8.x branch
npm install @xmldom/xmldom@0.8.13

# Verify installed version
npm ls @xmldom/xmldom

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeXXE
  • Vendor/TechXmldom
  • SeverityHIGH
  • CVSS Score8.7
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityNone
  • CWE References
  • CWE-91
  • Technical References
  • GitHub Commit Update
  • GitHub Commit Update
  • GitHub Pull Request
  • GitHub Release 0.8.13
  • GitHub Release 0.9.10
  • GitHub Security Advisory GHSA-j759-j44w-7fr8
  • Related CVEs
  • CVE-2026-41675: xmldom XXE Vulnerability in JavaScript
  • CVE-2026-41674: xmldom XXE Vulnerability
  • CVE-2026-34601: xmldom XML Injection Vulnerability
  • CVE-2022-39353: Xmldom_project Xmldom XXE Vulnerability
Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English