CVE-2026-4980

MEDIUM(6.3)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Risk Signal Score16/100 — NIEDRIG

CVSS 6.3 — Mittel

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

6.3

Technische Schwere

Beschreibung

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags.

Referenzen

https://gitlab.com/inkscape/inkscape/-/merge_requests/5269
https://gitlab.com/inkscape/inkscape/-/work_items/3557