The vulnerability identified as CVE-2026-28350 affects the lxml_html_clean project, a Python library used for cleaning HTML content. This library is a fork or copy of lxml.html.clean and provides functionalities to sanitize HTML input. Prior to version 0.4.4, the default Cleaner configuration does not specifically handle the <base> HTML tag. While other structural tags such as <html>, <head>, and <title> are removed when the page_structure option is enabled, the <base> tag is allowed to pass through unfiltered. The <base> tag in HTML defines the base URL for all relative URLs in the document. An attacker can exploit this by injecting a malicious <base> tag, causing all relative links on the page to redirect to attacker-controlled URLs. This improper encoding or escaping of output corresponds to CWE-116, which involves failure to properly sanitize or encode output data. The vulnerability impacts confidentiality and integrity by enabling link hijacking, potentially leading to phishing or redirection attacks. The CVSS v3.1 score is 6.1 (medium severity), reflecting network attack vector, low attack complexity, no privileges required, but user interaction needed, and a scope change due to affecting linked resources. The vulnerability was published on March 5, 2026, and has been patched in lxml_html_clean version 0.4.4. There are no known exploits in the wild at this time.

This vulnerability can lead to attackers injecting malicious <base> tags into HTML content cleaned by vulnerable versions of lxml_html_clean, causing all relative links on the page to redirect to attacker-controlled sites. This can facilitate phishing attacks, credential theft, or distribution of malware by misleading users about link destinations. Organizations that rely on lxml_html_clean for sanitizing user-generated or external HTML content may inadvertently expose their users to these risks. The impact is primarily on confidentiality and integrity, as attackers can manipulate link targets without disrupting availability. Since exploitation requires user interaction (clicking links), the risk is somewhat mitigated but still significant, especially for web applications that sanitize and display untrusted HTML content. The vulnerability could affect web portals, content management systems, and any Python-based services using this library. The absence of known exploits in the wild suggests limited current exploitation, but the vulnerability should be addressed proactively to prevent future attacks.

The primary mitigation is to upgrade lxml_html_clean to version 0.4.4 or later, where the <base> tag is properly handled and sanitized. For organizations unable to upgrade immediately, implement additional HTML sanitization layers that explicitly remove or neutralize <base> tags before or after using lxml_html_clean. Review and restrict the sources of HTML content being cleaned to trusted inputs where possible. Employ Content Security Policy (CSP) headers to limit the impact of malicious redirects and reduce the risk of phishing. Educate users to be cautious with links, especially those that appear suspicious or redirect unexpectedly. Monitor web application logs for unusual link redirection patterns that may indicate exploitation attempts. Finally, integrate automated security testing to detect improper HTML sanitization in development pipelines.