CVE-2026-41066
Published: April 29, 2026
Last modified: May 10, 2026
Description
lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolve_entities='internal' or resolve_entities=False disables the local file access. This vulnerability is fixed in 6.1.0.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.5 |
| Attack Vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity impact | NONE |
| Availability impact | NONE |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Notes
In lxml 5.0.0 (https://bugs.launchpad.net/lxml/+bug/1742885, https://github.com/lxml/lxml/pull/391), the default value of `resolve_entities` was not updated for the `etree.iterparse()` and `ETCompatXMLParser()` entry points. This CVE concerns exactly these two entry points. Since 23 LTS provides an older version (4.9.3), we decided not to change the default. It is recommended to avoid the CVE by following the upstream recommendations: https://lxml.de/FAQ.html#how-do-i-use-lxml-safely-as-a-web-service-endpoint
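A regression check that a packager or application owner can run against the two affected entry points, added here as an example (it is not part of this advisory or of lxml's own test suite). It writes a throwaway file, builds a constructed document whose external entity points at that file, and confirms that with `resolve_entities=False` neither `etree.iterparse()` nor `ETCompatXMLParser()` copies the file content into the parsed text.

```python
import io
import os
import tempfile

from lxml import etree


def external_entity_document(path):
    # Constructed input: declares an external entity that points at a file
    # we created ourselves, so the check never touches real system files.
    return (
        '<?xml version="1.0"?>\n'
        f'<!DOCTYPE doc [<!ENTITY ext SYSTEM "file://{path}">]>\n'
        "<doc><item>&ext;</item></doc>"
    ).encode()


def iterparse_item_text(xml_bytes):
    # etree.iterparse() takes no parser object; the option is passed directly.
    # Setting it explicitly removes any dependence on the package's default.
    events = etree.iterparse(
        io.BytesIO(xml_bytes), events=("end",), tag="item", resolve_entities=False
    )
    return [elem.text or "" for _event, elem in events]


def etcompat_item_text(xml_bytes):
    # Same explicit setting for the ElementTree-compatible parser.
    parser = etree.ETCompatXMLParser(resolve_entities=False)
    root = etree.fromstring(xml_bytes, parser)
    return [elem.text or "" for elem in root.iter("item")]


def entity_stays_unexpanded():
    # True when neither entry point expanded the entity into the element text;
    # an unresolved entity is kept as a reference node instead.
    marker = "MARKER-must-not-appear-in-parsed-text"
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write(marker)
        path = fh.name
    try:
        doc = external_entity_document(path)
        seen = iterparse_item_text(doc) + etcompat_item_text(doc)
        return not any(marker in text for text in seen)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print("external entity left unexpanded:", entity_stays_unexpanded())
```

Run it against the installed py3-lxml build; a False result means the configuration still resolves external entities and the package or call sites need attention.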
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | py3-lxml | Will not fix (4.9.1-r1) |
| Alpaquita Linux | 25 LTS | py3-lxml | Fixed (5.3.1-r1) |
| Alpaquita Linux | Stream | py3-lxml | Fixed (6.1.0-r0) |