<Vulnerability name="CVE-2026-57234">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Low</ThreatSeverity>
    <PublicDate>2026-06-25T14:30:20</PublicDate>
    <Bugzilla id="2492934" url="https://bugzilla.redhat.com/show_bug.cgi?id=2492934" xml:lang="en:us">
nokogiri: Nokogiri: Server-Side Request Forgery (SSRF) and XML External Entity (XXE) via improper enforcement of NONET parse option
    </Bugzilla>
    <CVSS3 status="draft">
        <CVSS3BaseScore>4.8</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-611</CWE>
    <Details xml:lang="en:us" source="Mitre">
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema (see CVE-2020-26247), was not correctly enforced on the JRuby implementation. As a result, a schema parsed with default options could still cause external resources to be fetched over the network, potentially enabling SSRF or XXE attacks. This vulnerability is fixed in 1.19.4.
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in Nokogiri, an XML and HTML library for Ruby. The NONET parse option, intended to prevent external resource fetching, was not correctly enforced in the JRuby implementation of Nokogiri::XML::Schema. This oversight could allow a specially crafted XML schema to fetch external resources over the network, potentially leading to Server-Side Request Forgery (SSRF) or XML External Entity (XXE) attacks.
    </Details>
    <Statement xml:lang="en:us">
Red Hat products are not affected by this vulnerability. This flaw is specific to the JRuby implementation of Nokogiri, where the NONET parse option was not correctly enforced on XML::Schema. Red Hat products use the CRuby (MRI) implementation, where NONET is correctly enforced and external resource fetching is properly blocked.
    </Statement>
    <Mitigation xml:lang="en:us">
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
    </Mitigation>
    <PackageState cpe="cpe:/a:redhat:red_hat_3scale_amp:2">
        <ProductName>Red Hat 3scale API Management Platform 2</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>3scale-amp21/backend</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:red_hat_3scale_amp:2">
        <ProductName>Red Hat 3scale API Management Platform 2</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>3scale-amp21/system</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:red_hat_3scale_amp:2">
        <ProductName>Red Hat 3scale API Management Platform 2</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>3scale-amp21/zync</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:red_hat_3scale_amp:2">
        <ProductName>Red Hat 3scale API Management Platform 2</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>3scale-amp22/backend</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:red_hat_3scale_amp:2">
        <ProductName>Red Hat 3scale API Management Platform 2</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>3scale-amp22/system</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:red_hat_3scale_amp:2">
        <ProductName>Red Hat 3scale API Management Platform 2</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>3scale-amp22/zync</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:red_hat_3scale_amp:2">
        <ProductName>Red Hat 3scale API Management Platform 2</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>3scale-amp26/toolbox</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:red_hat_3scale_amp:2">
        <ProductName>Red Hat 3scale API Management Platform 2</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>3scale-amp2/backend-rhel8</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:red_hat_3scale_amp:2">
        <ProductName>Red Hat 3scale API Management Platform 2</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>3scale-amp2/system-rhel7</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:red_hat_3scale_amp:2">
        <ProductName>Red Hat 3scale API Management Platform 2</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>3scale-amp2/system-rhel8</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:red_hat_3scale_amp:2">
        <ProductName>Red Hat 3scale API Management Platform 2</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>3scale-amp2/system-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:red_hat_3scale_amp:2">
        <ProductName>Red Hat 3scale API Management Platform 2</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>3scale-amp2/toolbox-rhel8</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:red_hat_3scale_amp:2">
        <ProductName>Red Hat 3scale API Management Platform 2</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>3scale-amp2/toolbox-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:red_hat_3scale_amp:2">
        <ProductName>Red Hat 3scale API Management Platform 2</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>3scale-amp2/zync-rhel8</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:red_hat_3scale_amp:2">
        <ProductName>Red Hat 3scale API Management Platform 2</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>3scale-amp2/zync-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:satellite:6">
        <ProductName>Red Hat Satellite 6</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>rubygem-nokogiri</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:satellite:6">
        <ProductName>Red Hat Satellite 6</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>satellite:el8/rubygem-nokogiri</PackageName>
    </PackageState>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-57234
https://nvd.nist.gov/vuln/detail/CVE-2026-57234
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-8678-w3jw-xfc2
    </References>
</Vulnerability>