VYPR
Medium severity6.3NVD Advisory· Published Mar 27, 2026· Updated May 26, 2026

CVE-2026-4980

CVE-2026-4980

Description

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Inkscape/Inkscape3 versions
    cpe:2.3:a:inkscape:inkscape:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:inkscape:inkscape:*:*:*:*:*:*:*:*range: >=1.1,<1.3
    • (no CPE)range: >=1.1, <1.3
    • (no CPE)range: 1.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.