CyberRota
← Ana sayfaya dön

CVE-2026-53727

UNKNOWN · CVSS N/A Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-17T21:17:07.837 · Çekilme zamanı: 2026-07-18T00:07:16.467349+00:00

CyberRota Yorumu

Uzaktan istismar edilebilir olabilir.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-53727
Severity
UNKNOWN
CVSS
N/A
EPSS
Yok

Orijinal NVD Açıklaması

css_parser is a Ruby CSS parser. From 2.2.0 until 3.0.0, CssParser::Parser#read_remote_file in lib/css_parser/parser.rb, and therefore load_uri! and the @import-following branch of add_block!, issued HTTP and HTTPS requests against any host, port, and URI without a scheme allowlist, host or IP filtering, or protection against link-local, loopback, or RFC-1918 addresses. Location: redirects were followed recursively back into the same function, which also serviced file:// URIs, so a single attacker-controlled HTTP redirect could upgrade the bug from SSRF to arbitrary local file disclosure. Any consumer of css_parser that hands it attacker-influenced CSS together with a base_uri: option is exposed. This issue is fixed in version 3.0.0.