fast-xml-parser <5.3.5: Entity Name wildcard XSS via DOCTYPE parsing
CVE-2026-25896 Published on February 20, 2026

fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities (&lt;, &gt;, &amp;, &quot;, &apos;) with arbitrary values. This bypasses entity encoding and leads to XSS when parsed output is rendered. This vulnerability is fixed in 5.3.5.

NVD

Vulnerability Analysis

CVE-2026-25896 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. An automatable proof of concept (POC) exploit exists. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
CHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
LOW

Weakness Types

Incorrect Regular Expression

The software specifies a regular expression in a way that causes data to be improperly matched or compared. When the regular expression is used in protection mechanisms such as filtering or validation, this may allow an attacker to bypass the intended restrictions on the incoming data.

What is a XSS Vulnerability?

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE-2026-25896 has been classified to as a XSS vulnerability or weakness.


Products Associated with CVE-2026-25896

Want to know whenever a new CVE is published for Red Hat products? stack.watch will email you.

 
 
 
 
 
 
 
 

Affected Versions

NaturalIntelligence fast-xml-parser: Red Hat Advanced Cluster Security for Kubernetes 4.8: Red Hat Advanced Cluster Security for Kubernetes 4.9: Red Hat Developer Hub 1.8: Red Hat Developer Hub 1.9: Red Hat Openshift Data Foundation 4.20: Red Hat Openshift Data Foundation 4.20: Red Hat Openshift Data Foundation 4.20: Red Hat Openshift Data Foundation 4.20: Red Hat Openshift Data Foundation 4.20: Red Hat Openshift Data Foundation 4.20: Red Hat Openshift Data Foundation 4.20: Red Hat Openshift Data Foundation 4.20: Red Hat Openshift Data Foundation 4.20: Red Hat Openshift Data Foundation 4.20: Red Hat Openshift Data Foundation 4.20: Red Hat Openshift Data Foundation 4.20: Red Hat Openshift Data Foundation 4.20: Red Hat Openshift Data Foundation 4.20: Red Hat Openshift Data Foundation 4.20: Red Hat Openshift Data Foundation 4.20: Red Hat Openshift Data Foundation 4.20: Red Hat Openshift Data Foundation 4.20: Red Hat Openshift Data Foundation 4.20: Red Hat Openshift Data Foundation 4.20: Red Hat Openshift Data Foundation 4.20: Red Hat Openshift Data Foundation 4.20: Red Hat Migration Toolkit for Applications 8: Red Hat OpenShift GitOps: Red Hat OpenShift GitOps: Red Hat OpenShift Virtualization 4: Red Hat OpenShift Virtualization 4: Red Hat Satellite 6: Red Hat Satellite 6: Red Hat Self-service automation portal 2:

Exploit Probability

EPSS
0.45%
Percentile
35.61%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.