Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-13T15:24:54 fast-xml-builder: fast-xml-builder: Attribute injection leading to information disclosure or content manipulation 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CWE-91

A flaw was found in fast-xml-builder, a software component used to create XML documents from JSON data. This vulnerability allows a remote attacker to inject unauthorized attributes into the generated XML or HTML output. By crafting malicious input that includes quotes in attribute values without proper entity processing, an attacker can manipulate the structure of the output. This could lead to unintended information disclosure or alteration of how content is displayed.

Red Hat Advanced Cluster Security 4 Out of support scope advanced-cluster-security/rhacs-main-rhel8 Red Hat Developer Hub Fix deferred rhdh/rhdh-hub-rhel9 Red Hat Openshift Data Foundation 4 Out of support scope odf4/mcg-core-rhel9 Red Hat OpenShift Virtualization 4 Not affected container-native-virtualization/kubevirt-console-plugin Red Hat OpenShift Virtualization 4 Out of support scope container-native-virtualization/kubevirt-console-plugin-rhel9 Self-service automation portal 2 Fix deferred ansible-automation-platform/automation-portal https://www.cve.org/CVERecord?id=CVE-2026-44665 https://nvd.nist.gov/vuln/detail/CVE-2026-44665 https://github.com/NaturalIntelligence/fast-xml-builder/security/advisories/GHSA-5wm8-gmm8-39j9