CVE-2026-41066

medium Red Hat
CVSS v3 Base Score
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 86% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Confidentiality
High
Integrity
None
Availability
None
Published: April 24, 2026 (76 days ago)
Last Modified: April 24, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in lxml, a library for processing XML and HTML in Python. A remote attacker can exploit this vulnerability by sending untrusted XML input to an application using lxml's default parser configuration. This allows the attacker to read local files on the system, leading to information disclosure.

CWE

CWE-611

Affected Products

Migration Toolkit for Applications 8Pen Drive Powered by Red Hat LightspeedRed Hat AI Inference ServerRed Hat Ansible Automation Platform 2Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Hardened Images

References