CVE-2026-4980

MEDIUM NVD

CVSS Score 6.3

Severity MEDIUM

Published Mar 27, 2026

Vendor unknown

Description

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags.

References

https://gitlab.com/inkscape/inkscape/-/merge_requests/5269
https://gitlab.com/inkscape/inkscape/-/work_items/3557