CVE-2026-29074 | svgo up to 2.8.0/3.3.2/4.0.0 SVG File Parser xml entity expansion

Inserito da Angelo Barbosa | Mar 6, 2026 | CVE

A vulnerability classified as problematic was found in svgo up to 2.8.0/3.3.2/4.0.0. Affected by this vulnerability is an unknown functionality of the component SVG File Parser. Executing a manipulation can lead to xml entity expansion.

This vulnerability is handled as CVE-2026-29074. The attack can be executed remotely. There is not any exploit available.

Upgrading the affected component is advised.

CVE-2026-29074 | svgo up to 2.8.0/3.3.2/4.0.0 SVG File Parser xml entity expansion

Post correlati

CVE-2024-32833 | Nick Halsey List Custom Taxonomy Widget Plugin up to 4.1 on WordPress cross site scripting

CVE-2024-35183 | wolfi-dev wolfictl up to 0.16.9 file access (GHSA-8fg7-hp93-qhvr)

CVE-2025-7784 | Red Hat Keycloak Admin Console privileges management

CVE-2024-33546 | AA-Team WZone Plugin up to 14.0.10 on WordPress sql injection