Remote File Disclosure Vulnerability in CssParser by Premailer
CVE-2026-53727
8.9HIGH
What is CVE-2026-53727?
The vulnerability in CssParser allows an attacker to exploit the library by supplying attacker-influenced CSS and a base_uri option. This can lead to server-side request forgery (SSRF) and potentially arbitrary local file disclosure. The flaw exists due to inadequate filtering for HTTP and HTTPS requests, enabling recursive redirects and exposing sensitive information. This issue has been addressed in version 3.0.0, which implements stricter controls to mitigate these risks.
Affected Version(s)
css_parser < 3.0.0
