Lucene search
K

7 matches found

Tenable Nessus
Tenable Nessus
added 3 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-58501

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbidexternal is defined but not enforced when parsing WSDL or XSD documents, allowing transiti...

5.9CVSS6.1AI score0.00252EPSS
Exploits0References3
NVD
NVD
added 5 days ago5 views

CVE-2026-58501

Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbidexternal is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is fix...

5.9CVSS0.00252EPSS
Exploits0References3
CVE
CVE
added 5 days ago6 views

CVE-2026-58501

Zeep (Python SOAP client) is affected in versions 4.0.0 through before 4.3.3, where Settings.forbid_external is defined but not enforced during WSDL/XSD parsing. This allows transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker‑controlled HTTP/HTTPS ...

5.9CVSS6AI score0.00252EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-58501 Zeep SSRF because Settings.forbid_external is not enforced

Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbidexternal is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is fix...

5.9CVSS0.00252EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/19 10:10 p.m.14 views

Zeep: Server-Side Request Forgery (SSRF)

Summary When parsing a WSDL or XSD document, python-zeep follows transitive references — xsd:import, xsd:include, wsdl:import, and lxml entity/DTD resolution — and will fetch http/https URLs found in those references. The Settings.forbidexternal option, intended to disable this transitive remote...

6AI score
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/06/19 10:10 p.m.5 views

Server-side Request Forgery (SSRF)

Overview zeep is an A Python SOAP client Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the process of parsing WSDL or XSD documents, where transitive references such as xsd:import, xsd:include, wsdl:import, and lxml entity/DTD resolution are followed. An...

8.2CVSS6.1AI score0.00252EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.5 views

PT-2026-56538

Name of the Vulnerable Software and Affected Versions Zeep versions 4.0.0 through 4.3.2 Description In this Python SOAP client, the Settings.forbid external setting is not enforced during the parsing of WSDL or XSD documents. This allows transitive xsd:import, xsd:include, wsdl:import, and lxml...

5.9CVSS6.1AI score0.00252EPSS
Exploits0References10
Rows per page
Query Builder