CVE-2026-44665

medium Red Hat
CVSS v3 Base Score
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 99% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Confidentiality
Low
Integrity
Low
Availability
None
Published: May 13, 2026 (57 days ago)
Last Modified: May 13, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in fast-xml-builder, a software component used to create XML documents from JSON data. This vulnerability allows a remote attacker to inject unauthorized attributes into the generated XML or HTML output. By crafting malicious input that includes quotes in attribute values without proper entity processing, an attacker can manipulate the structure of the output. This could lead to unintended information disclosure or alteration of how content is displayed.

CWE

CWE-91

Affected Products

Red Hat Advanced Cluster Security 4Red Hat Developer HubRed Hat Openshift Data Foundation 4Red Hat OpenShift Virtualization 4Self-service automation portal 2

References