PatchSiren

Inkscape CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Inkscape CVE published 2026-03-27

CVE-2026-4980

A local file disclosure vulnerability exists in Inkscape's XInclude processing component. Versions 1.1 through 1.2.x are affected. The vulnerability allows a remote attacker to read local files when a user opens a crafted SVG file containing malicious xi:include tags. The issue stems from improper handling of XML External Entity (XXE) processing via XInclude, classified under CWE-611 (Improper Restriction [truncated]