Security Advisory

CVE-2026-41066

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-24 16:45:19

Last updated 2026-04-24 18:04:04

Assigner GitHub_M

State PUBLISHED

Description

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolve_entities=internal or resolve_entities=False disables the local file access. This vulnerability is fixed in 6.1.0.

← Browse all CVEs View on cve.org ↗