CVE-2026-25543

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-25543
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25543.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-25543
Aliases
Published
2026-02-04T21:45:25.665Z
Modified
2026-02-05T21:46:02.551802Z
Severity
  • 6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator
Summary
HtmlSanitizer has a bypass via template tag
Details

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. Prior to versions 9.0.892 and 9.1.893-beta, if the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its contents, unless the shadowrootmode attribute is set to open or closed. This issue has been patched in versions 9.0.892 and 9.1.893-beta.

Database specific 
{
    "cwe_ids": [
        "CWE-116"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25543.json"
}
References

Affected packages

Git / github.com/mganss/htmlsanitizer

Affected ranges

Type
GIT
Repo
https://github.com/mganss/htmlsanitizer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
0ac53dca30ddad963f2b243669a5066933d82b81

Affected versions

v2.*
v2.0
v3.*
v3.0-beta
v3.1.76
v3.1.79
v3.1.91
v3.1.93
v3.1.98
v3.2.100
v3.2.103
v3.2.105
v3.3.122-beta
v3.3.125-beta
v3.3.126-beta
v3.3.127-beta
v3.3.128-beta
v3.3.129-beta
v3.3.130-beta
v3.3.131-beta
v3.3.132-beta
v3.3.134-beta
v3.3.140-beta
v3.3.142
v3.3.143-beta
v3.3.144-beta
v3.3.145-beta
v3.3.146-beta
v3.3.147-beta
v3.3.148-beta
v3.4.152-beta
v3.4.156
v3.5.167-beta
v3.5.168-beta
v3.5.169-beta
v4.*
v4.0.179
v4.0.180
v4.0.181
v4.0.182
v4.0.183
v4.0.185
v4.0.186
v4.0.187
v4.0.188
v4.0.189
v4.0.190
v4.0.191
v4.0.192
v4.0.193
v4.0.195
v4.0.197
v4.0.198
v4.0.199
v4.0.200
v4.0.201
v4.0.202
v4.0.203
v4.0.204
v4.0.205
v4.0.207
v4.0.209
v4.0.210
v4.0.211
v4.0.212
v4.0.217
v4.0.219
v4.0.220
v4.0.222
v4.0.224
v4.0.228
v4.0.229
v4.0.230
v5.*
v5.0.214
v5.0.215
v5.0.216
v5.0.218
v5.0.233
v5.0.234
v5.0.236
v5.0.237
v5.0.239
v5.0.240
v5.0.242
v5.0.244
v5.0.245
v5.0.246
v5.0.248
v5.0.249
v5.0.250
v5.0.251
v5.0.257
v5.0.258
v5.0.260
v5.0.261
v5.0.263
v5.0.264
v5.0.266
v5.0.267
v5.0.269
v5.0.270
v5.0.272
v5.0.274
v5.0.275
v5.0.277
v5.0.278
v5.0.280
v5.0.281
v5.0.283
v5.0.284
v5.0.287
v5.0.288
v5.0.290
v5.0.291
v5.0.292
v5.0.293
v5.0.294
v5.0.296
v5.0.297
v5.0.298
v5.0.303
v5.0.304
v5.0.305
v5.0.307
v5.0.308
v5.0.310
v5.0.311
v5.0.313
v5.0.314
v5.0.316
v5.0.317
v5.0.319
v5.0.320
v5.0.322
v5.0.323
v5.0.325
v5.0.326
v5.0.328
v5.0.329
v5.0.331
v5.0.332
v5.0.341
v5.0.342
v5.0.343
v5.0.344
v5.0.346
v5.0.347
v5.0.349
v5.0.350
v5.0.352
v5.0.353
v5.0.354
v5.0.355
v5.0.358
v5.0.359
v5.0.361
v5.0.363
v5.0.364
v5.0.365
v5.0.366
v5.0.367
v5.0.368
v5.0.369
v5.0.371
v5.0.372
v5.0.373
v5.0.375
v5.0.376
v5.0.377
v5.0.379
v5.0.380
v5.0.382
v5.0.383
v5.0.385
v5.0.386
v5.0.388
v5.0.389
v5.0.391
v5.0.392
v5.0.395
v5.0.398
v5.0.400
v5.0.401
v5.0.403
v5.0.404
v6.*
v6.0.409
v6.0.423
v6.0.430
v6.0.437
v6.0.441
v6.0.453
v7.*
v7.0.470
v7.0.473
v7.1.475
v7.1.488
v7.1.509
v7.1.512
v7.1.542
v8.*
v8.0.601
v8.0.645
v8.0.692
v8.0.718
v8.0.723
v8.0.744
v8.0.746
v8.0.795
v8.0.811
v8.0.838
v8.0.843
v8.0.865
v8.1.870
v9.*
v9.0.873
v9.0.876
v9.0.881
v9.0.884
v9.0.886
v9.0.889

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25543.json"