Remote File Disclosure Vulnerability in CssParser by Premailer
CVE-2026-53727

8.9HIGH

Key Information:

Vendor

Premailer

Vendor
CVE Published:
17 July 2026

What is CVE-2026-53727?

The vulnerability in CssParser allows an attacker to exploit the library by supplying attacker-influenced CSS and a base_uri option. This can lead to server-side request forgery (SSRF) and potentially arbitrary local file disclosure. The flaw exists due to inadequate filtering for HTTP and HTTPS requests, enabling recursive redirects and exposing sensitive information. This issue has been addressed in version 3.0.0, which implements stricter controls to mitigate these risks.

Affected Version(s)

css_parser < 3.0.0

References

CVSS V4

Score:
8.9
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.