CVE-2026-57234: CWE-178: Improper Handling of Case Sensitivity in sparklemotion nokogiri
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema (see CVE-2020-26247), was not correctly enforced on the JRuby implementation. As a result, a schema parsed with default options could still cause external resources to be fetched over the network, potentially enabling SSRF or XXE attacks. This vulnerability is fixed in 1.19.4.
AI Analysis
Technical Summary
CVE-2026-57234 describes a vulnerability in the Nokogiri library before version 1.19.4 where the NONET parse option, intended to prevent network access during XML schema parsing, was not correctly enforced on the JRuby implementation. This improper handling allowed external resource fetching despite default settings, which could lead to server-side request forgery (SSRF) or XML external entity (XXE) attacks. The vulnerability is resolved in Nokogiri 1.19.4.
Potential Impact
An attacker could exploit this vulnerability to cause Nokogiri to fetch external resources during XML schema parsing on JRuby, potentially leading to SSRF or XXE attacks. The confidentiality impact is low, with no integrity or availability impact indicated. The CVSS score is 2.6, reflecting low severity.
Mitigation Recommendations
Upgrade Nokogiri to version 1.19.4 or later, where the NONET parse option enforcement on JRuby is correctly implemented, mitigating the risk of SSRF and XXE attacks. Patch status is confirmed by the vendor advisory stating the issue is fixed in 1.19.4.
CVE-2026-57234: CWE-178: Improper Handling of Case Sensitivity in sparklemotion nokogiri
Description
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema (see CVE-2020-26247), was not correctly enforced on the JRuby implementation. As a result, a schema parsed with default options could still cause external resources to be fetched over the network, potentially enabling SSRF or XXE attacks. This vulnerability is fixed in 1.19.4.
CVSS v3.1
Score 2.6low
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-57234 describes a vulnerability in the Nokogiri library before version 1.19.4 where the NONET parse option, intended to prevent network access during XML schema parsing, was not correctly enforced on the JRuby implementation. This improper handling allowed external resource fetching despite default settings, which could lead to server-side request forgery (SSRF) or XML external entity (XXE) attacks. The vulnerability is resolved in Nokogiri 1.19.4.
Potential Impact
An attacker could exploit this vulnerability to cause Nokogiri to fetch external resources during XML schema parsing on JRuby, potentially leading to SSRF or XXE attacks. The confidentiality impact is low, with no integrity or availability impact indicated. The CVSS score is 2.6, reflecting low severity.
Mitigation Recommendations
Upgrade Nokogiri to version 1.19.4 or later, where the NONET parse option enforcement on JRuby is correctly implemented, mitigating the risk of SSRF and XXE attacks. Patch status is confirmed by the vendor advisory stating the issue is fixed in 1.19.4.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-06-24T02:21:33.812Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a3d3f304853345fc113d17c
Added to database: 06/25/2026, 14:46:08 UTC
Last enriched: 06/25/2026, 15:02:05 UTC
Last updated: 06/25/2026, 22:35:55 UTC
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.