CVE-2026-41066
CVE-2026-41066 affects the Python XML/HTML library lxml . In versions prior to 6.1.0, using the two parsers with the default setting resolve_entities=True allows untrusted XML input to read local files. Setting the option to resolve_entities='internal' or resolve_entities=False disables local fil...