Lucene search

47 matches found

IBM Security Bulletins
added 3 days ago · 6 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses lxml-6.0.0-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl which is vulnerable to CVE-2026-41066

Summary: IBM Maximo Application Suite - Visual Inspection component uses lxml-6.0.0-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl, which is vulnerable to CVE-2026-41066. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details...

7.5 CVSS · 5.8 AI score · 0.00044 EPSS
Exploits: 1 · Affected Software: 1

IBM Security Bulletins
added 4 days ago · 10 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in lxml (CVE-2026-41066)

Summary: A vulnerability in the lxml XML processing library (CVE-2026-41066) used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the component to version 6.1.0. Vulnerability Details: CVEID: CVE-2026-41066 DESCRIPTION: lxml is a library for processing XML and HTML in the Python...

7.5 CVSS · 5.7 AI score · 0.00044 EPSS
Exploits: 1 · Affected Software: 1

Tenable Nessus
added 2026/05/20 12:00 a.m. · 3 views

Amazon Linux 2023 : python3-lxml (ALAS2023-2026-1678)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1678 advisory. lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolve_entities=True allows untrusted XML input t...

7.5 CVSS · 5.8 AI score · 0.00044 EPSS
Exploits: 1 · References: 4

Tenable Nessus
added 2026/05/18 12:00 a.m. · 4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-lxml (UTSA-2026-021468)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021468 advisory. lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with...

7.5 CVSS · 5.8 AI score · 0.00044 EPSS
Exploits: 1 · References: 4

Tenable Nessus
added 2026/05/14 12:00 a.m. · 5 views

TencentOS Server 4: python-lxml (TSSA-2026:0288)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0288 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.5 CVSS · 5.9 AI score · 0.00044 EPSS
Exploits: 1 · References: 2

Tenable Nessus
added 2026/05/06 12:00 a.m. · 1 view

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-41066)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-41066 advisory. - lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using...

7.5 CVSS · 5.8 AI score · 0.00044 EPSS
Exploits: 1 · References: 1

SUSE CVE
added 2026/04/30 2:25 a.m. · 3 views

SUSE CVE-2026-41066

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolve_entities=True allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolve_entities='internal' ...

5.9 CVSS · 5.3 AI score · 0.00044 EPSS
Exploits: 1 · References: 7

vulnersOsv
added 2026/04/24 5:16 p.m. · 1 view

a-mailx (=0.1.0), a-move-files-by-excel (>=0.1.0 <=0.1.1) +4285 more potentially affected by CVE-2026-41066 via lxml (>=3.2.3 <=6.0.4)

lxml PYPI version =3.2.3, =0.1.0, =0.1.0, =0.1.0, =0.9.1, =1.0.2, =0.1.0, =0.3.0, =0.3.5, =0.3.0, =0.3.0, =0.2.5, =0.1.0, =0.0.2, =1.13.4 and more Source cves: CVE-2026-41066 Source advisory: OSV:PYSEC-2026-87...

7.5 CVSS · 5.8 AI score · 0.00044 EPSS
Exploits: 1

vulnersOsv
added 2026/04/21 8:38 p.m. · 5 views

a-mailx (=0.1.0), a-move-files-by-excel (>=0.1.0 <=0.1.1) +4285 more potentially affected by CVE-2026-41066 via lxml (>=3.2.3 <=6.0.4)

lxml PYPI version =3.2.3, =0.1.0, =0.1.0, =0.1.0, =0.9.1, =1.0.2, =0.1.0, =0.3.0, =0.3.5, =0.3.0, =0.3.0, =0.2.5, =0.1.0, =0.0.2, =1.13.4 and more Source cves: CVE-2026-41066 Source advisory: OSV:GHSA-VFMQ-68HX-4JFW...

7.5 CVSS · 5.8 AI score · 0.00044 EPSS
Exploits: 1

vulnersOsv
added 2026/04/21 8:38 p.m. · 4 views

a-mailx (=0.1.0), acdh-xml-validator (>=0.1.0 <=1.1.0) +394 more potentially affected by CVE-2026-41066 via lxml (>=6.0.0 <=6.0.4)

lxml PYPI version =6.0.0, =0.1.0, =0.1.3, =0.1.0, =3.0.7, =1.6.6, =0.2.7, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.3, =1.0.0, =0.1.0, =0.1.3 and more Source cves: CVE-2026-41066 Source advisory: SNYK:PYTHON-LXML-16119103...

7.5 CVSS · 5.8 AI score · 0.00044 EPSS
Exploits: 1

Tenable Nessus
added 2026/01/20 12:00 a.m. · 2 views

MiracleLinux 8 : python-lxml-4.2.3-2.el8 (AXSA:2021-1839:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-1839:01 advisory. python-lxml: mXSS due to the use of improper parser (CVE-2020-27783). Tenable has extracted the preceding description block directly from the MiracleLinux...

6.1 CVSS · 8.3 AI score · 0.01246 EPSS
Exploits: 1 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2018-0088

Malware in sbrugna...

6.1 CVSS · 6.5 AI score · 0.00525 EPSS
Exploits: 1 · References: 12

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2014-0033

Malware in sbrugna...

4.3 CVSS · 6.4 AI score · 0.04268 EPSS
Exploits: 1 · References: 31

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2024-0557

Malicious code in bioql PyPI...

7.5 CVSS · 7.6 AI score · 0.00161 EPSS
Exploits: 1 · References: 7

RedhatCVE
added 2025/05/23 6:29 a.m. · 2 views

CVE-2024-37388

An XML External Entity (XXE) vulnerability in the ebookmeta.getmetadata function of lxml before v4.9.1 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input...

9.1 CVSS · 6.3 AI score · 0.0009 EPSS
Exploits: 0 · References: 1

OpenVAS
added 2025/05/19 12:00 a.m. · 4 views

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2025-1478)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1 CVSS · 7.1 AI score · 0.0009 EPSS
Exploits: 0 · References: 2

Github Security Blog
added 2025/05/05 8:40 p.m. · 9 views

Langroid Allows XXE Injection via XMLToolMessage

Summary: An LLM application leveraging the XMLToolMessage class may be exposed to untrusted XML input that could result in DoS and/or exposing local files with sensitive information. Details: XMLToolMessage uses lxml without safeguards:...

9.1 CVSS · 6.8 AI score · 0.00446 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

OSV
added 2025/05/05 8:40 p.m. · 8 views

GHSA-PW95-88FG-3J6F Langroid Allows XXE Injection via XMLToolMessage

Summary: An LLM application leveraging the XMLToolMessage class may be exposed to untrusted XML input that could result in DoS and/or exposing local files with sensitive information. Details: XMLToolMessage uses lxml without safeguards:...

8.8 CVSS · 6.5 AI score · 0.00446 EPSS
Exploits: 1 · References: 5

Positive Technologies
added 2024/11/19 12:00 a.m. · 2 views

PT-2024-35391 · Unknown +1 · Lxml Html Clean +1

Name of the Vulnerable Software and Affected Versions: lxml html clean versions prior to 0.4.0 Description: The HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , , and . This behavior deviates from how web browsers parse and interpret such tags...

7.7 CVSS · 6 AI score · 0.005 EPSS
Exploits: 0 · References: 17

Amazon
added 2023/03/22 12:00 a.m. · 3 views

Important: python-lxml

Issue Overview: There's a flaw in python-lxml's HTML Cleaner component, which is responsible for sanitizing HTML and Javascript. An attacker who is able to submit a crafted payload to a web service using python-lxml's HTML Cleaner may be able to trigger script execution in clients such as web...

8.2 CVSS · 6.2 AI score · 0.05428 EPSS
Exploits: 1