PatchSiren

mvantellingen CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM mvantellingen CVE published 2026-07-08

CVE-2026-58501

CVE-2026-58501 is a vulnerability in the Zeep Python SOAP client. Versions from 4.0.0 before 4.3.3 define but do not enforce the Settings.forbid_external setting when parsing WSDL or XSD documents. This oversight allows for transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. The vulnerability has a CVSS score of 5.9 and is classif [truncated]