Amazon Linux 2023 : python3-lxml (ALAS2023-2026-1678)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1678 advisory. lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input t...

OESA-2026-2012 python-lxml security update

\ Security Fixes: lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to...

OESA-2026-2010 python-lxml security update

\ Security Fixes: lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to...

CVE-2026-41066 lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to resolveentities='internal' ...

PT-2026-34232

Name of the Vulnerable Software and Affected Versions lxml versions prior to 6.1.0 Description Using the default configuration with the resolve entities variable set to True allows untrusted XML input to read local files. This issue affects the iterparse and ETCompatXMLParser functions...