Improper Neutralization of Special Elements in OWASP ModSecurity Core Rule Set (CRS) - #VU136863
Published: July 3, 2026
OWASP ModSecurity Core Rule Set (CRS)
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass detection of malicious payloads in XML attribute values.
The vulnerability exists due to improper neutralization of special elements in the rules that inspect XML request bodies. A remote attacker can place an attack payload inside an XML attribute value, where it is not detected.
The issue affects rule families 921, 930, 931, 932, 933, 934, 941, 942, and 943 at every paranoia level, while the 944 Java family is unaffected.
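The following sketch of the coverage gap described above is an added example, not code from CRS or from this advisory. It assumes the inspection collects element text but not attribute values, and it uses a simplified path-traversal pattern as a stand-in for a real rule. The function names and sample bodies are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Stand-in detection pattern (assumption): a simplified path-traversal check,
# not an actual CRS rule.
TRAVERSAL = re.compile(r"(?:^|[/\\])\.\.[/\\]")


def text_values(root):
    """Values seen when only element text (and tail text) is collected."""
    out = []
    for el in root.iter():
        for s in (el.text, el.tail):
            if s and s.strip():
                out.append(s.strip())
    return out


def attribute_values(root):
    """Attribute values: the part of the document the advisory says was missed."""
    return [v for el in root.iter() for v in el.attrib.values()]


def scan_xml_body(body, include_attributes):
    """Return the values in an XML body that match the stand-in pattern."""
    root = ET.fromstring(body)
    targets = text_values(root)
    if include_attributes:
        targets += attribute_values(root)
    return [t for t in targets if TRAVERSAL.search(t)]


# Constructed sample bodies: the same value in element text and in an attribute.
IN_TEXT = "<doc><file>../../app/config.yml</file></doc>"
IN_ATTR = '<doc><file name="../../app/config.yml">report</file></doc>'

if __name__ == "__main__":
    for label, body in (("text", IN_TEXT), ("attribute", IN_ATTR)):
        for attrs in (False, True):
            hits = scan_xml_body(body, include_attributes=attrs)
            print(f"{label:9} include_attributes={attrs!s:5} -> {hits}")
```

A pair of bodies like these can serve as a regression check after updating the rule set: the attribute case should be flagged the same way as the text case.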