14 matches found
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses lxml-6.0.0-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl which is vulnerable to CVE-2026-41066
Summary IBM Maximo Application Suite - Visual Inspection component uses lxml-6.0.0-cp311-cp311-manylinux227x8664.manylinux228x8664.whl which is vulnerable to CVE-2026-41066, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details...
Amazon Linux 2023 : python3-lxml (ALAS2023-2026-1678)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1678 advisory. lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input t...
Security update for python-lxml (moderate)
openSUSE security update: security update for python-lxml ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20737-1 Rating: moderate References: bsc1263254 Cross-References: CVE-2026-41066 CVSS scores: CVE-2026-41066 SUSE : 5.9...
Important: python-lxml
Issue Overview: lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to...
TencentOS Server 4: python-lxml (TSSA-2026:0288)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0288 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Amazon Linux 2 : python-lxml, --advisory ALAS2-2026-3297 (ALAS-2026-3297)
The version of python-lxml installed on the remote host is prior to 3.2.1-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3297 advisory. lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the...
OPENSUSE-SU-2026:20737-1 Security update for python-lxml
This update for python-lxml fixes the following issue - CVE-2026-41066: Information disclosure via untrusted XML input leading to local file read bsc1263254...
CVE-2026-41066 affecting package python-lxml for versions less than 4.9.3-2
CVE-2026-41066 affecting package python-lxml for versions less than 4.9.3-2. A patched version of the package is available...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-41066)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-41066 advisory. - lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using...
OESA-2026-2012 python-lxml security update
\ Security Fixes: lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to...
OESA-2026-2008 python-lxml security update
\ Security Fixes: lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to...
ALPINE-CVE-2026-41066
lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to resolveentities='internal' ...
CVE-2026-41066 vulnerabilities
Vulnerabilities for packages: authentik-fips, open-webui, datahub-ingestion, synapse, authentik, kubeflow-pipelines-visualization-server, nemo, datadog-agent-fips, label-studio, airflow, datahub-ingestion-fips, datadog-agent...
a-mailx (=0.1.0), acdh-xml-validator (>=0.1.0 <=1.1.0) +314 more potentially affected by CVE-2026-41066 via lxml (>=6.0.0 <=6.0.4)
lxml PYPI version =6.0.0, =0.1.0, =0.1.3, =0.1.0, =3.0.7, =1.6.6, =1.44.2, =1.0.0, =0.0.1, =2026.5.23, =25.11.0, =0.1.1, =0.3.3, =0.3.7 and more Source cves: CVE-2026-41066 Source advisory: SNYK:PYTHON-LXML-16119103...