Vulnerability Details CVE-2026-4980
A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 10.1%
CVSS Severity
CVSS v3 Score 6.3
References
Products affected by CVE-2026-4980
-
cpe:2.3:a:inkscape:inkscape:1.1
-
cpe:2.3:a:inkscape:inkscape:1.1.1
-
cpe:2.3:a:inkscape:inkscape:1.1.2
-
cpe:2.3:a:inkscape:inkscape:1.2
-
cpe:2.3:a:inkscape:inkscape:1.2.1
-
cpe:2.3:a:inkscape:inkscape:1.2.2