59 matches found
CVE-2026-43979
Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, `PDFService._markdown_to_html` constructs an HTML document by interpolating user-controlled values - specifically title sourced from research.title or research.query and metadata key-value pairs -...
EUVD-2026-32978
Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, `PDFService._markdown_to_html` constructs an HTML document by interpolating user-controlled values - specifically title sourced from research.title or research.query and metadata key-value pairs -...
CVE-2026-43979 Local Deep Research: HTML Injection via Unescaped User Input in PDF Export (`pdf_service.py:_markdown_to_html`)
Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, `PDFService._markdown_to_html` constructs an HTML document by interpolating user-controlled values - specifically title sourced from research.title or research.query and metadata key-value pairs -...
GHSA-FJ2M-QVH9-JQ4Q local-deep-research is Vulnerable to HTML Injection via Unescaped User Input in PDF Export (`pdf_service.py:_markdown_to_html`)
Summary: `PDFService._markdown_to_html` constructs an HTML document by interpolating user-controlled values - specifically title sourced from research.title or research.query and metadata key-value pairs - directly into an f-string without any HTML escaping. An authenticated attacker can craft a resear...
PT-2026-39893
Name of the Vulnerable Software and Affected Versions: Local Deep Research versions prior to 1.6.0. Description: The `PDFService._markdown_to_html` function constructs an HTML document by interpolating user-controlled values directly into an f-string without HTML escaping. Specifically, the title...
Security Bulletin: IBM Maximo Application Suite uses pyasn1-0.6.1, protobuf-6.33.4-cp39-abi3-manylinux2014_x86_64, urllib3-2.5.0-py3-none-any, database/sql 1.24.4 and weasyprint-67.0-py3-none-any.
Summary: Security Bulletin: IBM Maximo Application Suite uses pyasn1-0.6.1, protobuf-6.33.4-cp39-abi3-manylinux2014_x86_64, urllib3-2.5.0-py3-none-any, database/sql 1.24.4 and weasyprint-67.0-py3-none-any which is vulnerable to CVE-2026-23490, CVE-2026-0994, CVE-2025-66418, CVE-2025-66471,...
[SECURITY] Fedora 43 Update: weasyprint-68.0-1.fc43
WeasyPrint can render HTML and CSS to PDF. It aims to support web standards for printing...
Fedora 43 : python-tinycss2 / weasyprint (2026-f59e87ad88)
The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-f59e87ad88 advisory. Update to new upstream version including a fix for CVE-2025-68616. Tenable has extracted the preceding description block directly from the Fedora security...
Fedora: Security Advisory (FEDORA-2026-f59e87ad88)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE 16 Security Update : python-weasyprint (openSUSE-SU-2026:20069-1)
The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2026:20069-1 advisory. Changes in python-weasyprint: - CVE-2025-68616: Fixed a server-side request forgery in default fetcher (boo#1256936). Tenable has extracted the preceding...
python311-weasyprint-68.0-1.1 on GA media (moderate)
python311-weasyprint-68.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10079-1 Rating: moderate Cross-References: CVE-2025-68616 CVSS scores: CVE-2025-68616 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: openSUSE Tumbleweed An update that solves one vulnerability...
Security update for python-weasyprint (important)
openSUSE security update: security update for python-weasyprint ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20069-1 Rating: important References: bsc#1256936 Cross-References: CVE-2025-68616 CVSS scores: CVE-2025-68616 SUSE : 7.5...
OPENSUSE-SU-2026:10079-1 python311-weasyprint-68.0-1.1 on GA media
These are all security issues fixed in the python311-weasyprint-68.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:20069-1 Security update for python-weasyprint
This update for python-weasyprint fixes the following issues: Changes in python-weasyprint: - CVE-2025-68616: Fixed a server-side request forgery in default fetcher (boo#1256936)...
GHSA-983W-RHVV-GWMV WeasyPrint has a Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect
Summary: A Server-Side Request Forgery (SSRF) Protection Bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources such as localhost services or cloud metadata endpoints even when a developer has implemented a custom `url_fetcher` to block...
EUVD-2025-206301
WeasyPrint has a Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect...
WeasyPrint has a Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect
Summary: A Server-Side Request Forgery (SSRF) Protection Bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources such as localhost services or cloud metadata endpoints even when a developer has implemented a custom `url_fetcher` to block...
actpdf (>=0.1.0 <=0.12.0), agenticmem (>=0.1.4.1 <=0.1.5.0) +212 more potentially affected by CVE-2025-68616 via weasyprint (>=0.28.0 <=67.0.0)
weasyprint PYPI version =0.28.0, =0.1.0, =0.1.4.1, =0.5.0, =0.1.1, =0.1.1, =0.1.0, =0.5.0, =1.1.0, =0.1.0, =0.7.0, =0.10.0a68 and more Source cves: CVE-2025-68616 Source advisory: OSV:GHSA-983W-RHVV-GWMV...
SUSE CVE-2025-68616
WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources such as localhost services or cloud metadata...
PT-2026-3644
WeasyPrint, SSRF Protection Bypass, CVE-2024-27490 Critical https://t.co/6nK4AIaKzH...