CVE-2020-26709

CVE-2020-26709 affects py-xml v1.0 and is caused by an XML External Entity (XXE) vulnerability in the XML parsing path, allowing an attacker to execute arbitrary code via a crafted XML file. The issue is documented across multiple sources (NVD entry, Red Hat advisory, GHSA, OSV, CNNVD, CVE list, ...