{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41066", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-16T16:43:03.174Z", "datePublished": "2026-04-24T16:45:19.617Z", "dateUpdated": "2026-04-24T18:04:04.548Z"}, "containers": {"cna": {"title": "lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files", "problemTypes": [{"descriptions": [{"cweId": "CWE-611", "lang": "en", "description": "CWE-611: Improper Restriction of XML External Entity Reference", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/lxml/lxml/security/advisories/GHSA-vfmq-68hx-4jfw", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/lxml/lxml/security/advisories/GHSA-vfmq-68hx-4jfw"}, {"name": "https://bugs.launchpad.net/lxml/+bug/2146291", "tags": ["x_refsource_MISC"], "url": "https://bugs.launchpad.net/lxml/+bug/2146291"}], "affected": [{"vendor": "lxml", "product": "lxml", "versions": [{"version": "< 6.1.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-24T16:45:19.617Z"}, "descriptions": [{"lang": "en", "value": "lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolve_entities='internal' or resolve_entities=False disables the local file access. This vulnerability is fixed in 6.1.0."}], "source": {"advisory": "GHSA-vfmq-68hx-4jfw", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-24T18:03:40.722204Z", "id": "CVE-2026-41066", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-24T18:04:04.548Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41066", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-16T16:43:03.174Z", "datePublished": "2026-04-24T16:45:19.617Z", "dateUpdated": "2026-04-24T18:04:04.548Z"}, "containers": {"cna": {"title": "lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files", "problemTypes": [{"descriptions": [{"cweId": "CWE-611", "lang": "en", "description": "CWE-611: Improper Restriction of XML External Entity Reference", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/lxml/lxml/security/advisories/GHSA-vfmq-68hx-4jfw", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/lxml/lxml/security/advisories/GHSA-vfmq-68hx-4jfw"}, {"name": "https://bugs.launchpad.net/lxml/+bug/2146291", "tags": ["x_refsource_MISC"], "url": "https://bugs.launchpad.net/lxml/+bug/2146291"}], "affected": [{"vendor": "lxml", "product": "lxml", "versions": [{"version": "< 6.1.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-24T16:45:19.617Z"}, "descriptions": [{"lang": "en", "value": "lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolve_entities='internal' or resolve_entities=False disables the local file access. This vulnerability is fixed in 6.1.0."}], "source": {"advisory": "GHSA-vfmq-68hx-4jfw", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-41066", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-24T18:03:40.722204Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-24T18:03:45.409Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lxml:lxml:*:*:*:*:*:*:*:*", "matchCriteriaId": "BBB89136-B5C9-4228-A580-08FB87A7326F", "versionEndExcluding": "6.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolve_entities='internal' or resolve_entities=False disables the local file access. This vulnerability is fixed in 6.1.0."}], "id": "CVE-2026-41066", "lastModified": "2026-04-27T17:59:05.297", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-24T17:16:20.933", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugs.launchpad.net/lxml/+bug/2146291"}, {"source": "security-advisories@github.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://github.com/lxml/lxml/security/advisories/GHSA-vfmq-68hx-4jfw"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "lxml: python: lxml: Information disclosure via untrusted XML input leading to local file read", "id": "2461613", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461613"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-611", "details": ["A flaw was found in lxml, a library for processing XML and HTML in Python. A remote attacker can exploit this vulnerability by sending untrusted XML input to an application using lxml's default parser configuration. This allows the attacker to read local files on the system, leading to information disclosure."], "mitigation": {"lang": "en:us", "value": "Applications using the lxml library to process untrusted XML input should explicitly configure the parser to prevent external entity resolution. This can be achieved by setting the `resolve_entities` option to `False` or `'internal'` when initializing the parser. For example, `etree.XML(xml_input, parser=etree.XMLParser(resolve_entities=False))` or `etree.HTML(html_input, parser=etree.HTMLParser(resolve_entities='internal'))`."}, "name": "CVE-2026-41066", "package_state": [{"cpe": "cpe:/a:redhat:migration_toolkit_applications:8", "fix_state": "Fix deferred", "package_name": "mta/mta-solution-server-rhel9", "product_name": "Migration Toolkit for Applications 8"}, {"cpe": "cpe:/a:redhat:pdrive_lightspeed:0", "fix_state": "Fix deferred", "package_name": "pen-drive/pen-drive-scanner-rhel9", "product_name": "Pen Drive Powered by Red Hat Lightspeed"}, {"cpe": "cpe:/a:redhat:ai_inference_server:3", "fix_state": "Fix deferred", "package_name": "rhaiis/vllm-neuron-rhel9", "product_name": "Red Hat AI Inference Server"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/ee-supported-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-26/controller-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-26/ee-supported-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-26/gateway-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-26/hub-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "automation-controller", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "python-lxml", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "python-lxml", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "python-lxml", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "python-lxml", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "python-lxml", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Fix deferred", "package_name": "abattis-cantarell-fonts", "product_name": "Red Hat Hardened Images"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Fix deferred", "package_name": "jq", "product_name": "Red Hat Hardened Images"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Fix deferred", "package_name": "mariadb11.8", "product_name": "Red Hat Hardened Images"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Fix deferred", "package_name": "python3-mypy", "product_name": "Red Hat Hardened Images"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Fix deferred", "package_name": "python-jsonschema", "product_name": "Red Hat Hardened Images"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Fix deferred", "package_name": "python-referencing", "product_name": "Red Hat Hardened Images"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-ta-lmes-job-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-olm-catalogd-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Fix deferred", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Fix deferred", "package_name": "quay/quay-rhel9", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Fix deferred", "package_name": "python-lxml", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Fix deferred", "package_name": "satellite:el8/python-lxml", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:rhui:4::el8", "fix_state": "Fix deferred", "package_name": "python-lxml", "product_name": "Red Hat Update Infrastructure 4 for Cloud Providers"}], "public_date": "2026-04-24T16:45:19Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-41066\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-41066\nhttps://bugs.launchpad.net/lxml/+bug/2146291\nhttps://github.com/lxml/lxml/security/advisories/GHSA-vfmq-68hx-4jfw"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.1.0)"}}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "lxml", "source": "cna", "vendor": "lxml"}, "product": "lxml", "vendor": "lxml"}], "analysis": {"en": {"generated_at": "2026-04-28T06:02:52.703164+00:00", "value": {"mitigation_remediation": ["Update the lxml library to version 6.1.0 or newer, which disables the default entity expansion.", "If an immediate update is not feasible, reconfigure the parser by setting resolve_entities to 'internal' or False before parsing to block external entity processing.", "Audit code to locate all uses of iterparse() and ETCompatXMLParser(), ensuring that the resolve_entities setting is explicitly disabled in each instance."], "summary": {"action": "Patch", "impact": "Local File Disclosure via XXE"}, "threat_synthesis": {"affected_systems": "Any system that uses the lxml library in a version prior to 6.1.0 is affected. The lack of explicit version constraints in the data implies that all releases before 6.1.0 are vulnerable. The issue applies to both iterparse() and ETCompatXMLParser() functions within the lxml package.", "description_and_impact": "lxml, a Python library for XML and HTML processing, has a default configuration that sets the resolve_entities flag to True. This causes the XML parser to expand external entities, allowing untrusted XML input to read arbitrary local files. The weakness is a classic XML External Entity (XXE) flaw, classified as CWE-611, and can lead to sensitive data exposure. The vulnerability is triggered when an attacker supplies crafted XML to the iterparse() or ETCompatXMLParser() APIs.", "risk_and_exploitability": "The CVSS score for this vulnerability is 7.5, indicating a high severity. The EPSS score is reported as less than 1%, implying a very low probability of exploitation at present, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is the injection of untrusted XML documents into any feature of a Python application that relies on the default lxml configuration. If an attacker can supply such XML, they could read sensitive files from the host system, compromising confidentiality."}}}}, "created": "2026-04-28T01:15:15.495349+00:00", "updated": "2026-04-28T06:15:24.138031+00:00", "vendors": ["lxml", "lxml$PRODUCT$lxml"]}