CVE-2026-4754: Cloned libxml2 SSI Escape Bypass
Bypassing URI escaping for server-side includes using in-place mutation allows malicious inputs to break out of attribute contexts, resulting in XSS. The code temporarily replaces part of the string with a null byte to exclude it from escaping. Update to a secure version of libxml2 or replace this manual logic with proper encoding.
Provally Curated | Public repository | Medium | Medium confidence | Verified | Apache-2.0 | C | β
greprules fetch cve-2026-4754-cloned-libxml2-ssi-escape-bypass --engine opengrep