6.3
CVE-2026-4980
- EPSS 0.2%
- Veröffentlicht 27.03.2026 14:50:48
- Zuletzt bearbeitet 26.05.2026 18:40:53
- Quelle cve@gitlab.com
- CVE-Watchlists
- Unerledigt
Improper Restriction of XML External Entity Reference in Inkscape
A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.1 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cve@gitlab.com | 6.3 | 1.8 | 4 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
|
CWE-611 Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
https://gitlab.com/inkscape/inkscape/-/work_items/3557
https://gitlab.com/inkscape/inkscape/-/merge_requests/5269