TeXLive CVE-2026-33046
HIGHSeverity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Blast Radius
ecosystem impact- 28 pypi packages depend on indico (28 direct, 1 indirect)
Ecosystem-wide dependent count for version 3.3.12.
DescriptionGitHub Advisory
> [!NOTE] > If server-side LaTeX rendering is not in use (ie XELATEX_PATH was not set in indico.conf), this vulnerability does not apply.
Impact
Due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaTeX snippets which can read local files or execute code with the privileges of the user running Indico on the server.
Patches
It is recommended to update to Indico 3.3.12 as soon as possible. See the docs for instructions on how to update.
It is also strongly recommended to enable the containerized LaTeX renderer (using podman), which isolates it from the rest of the system. See the docs for details - it is very easy and from now on the only recommended/supported way of using LaTeX.
Workarounds
Remove the XELATEX_PATH setting from indico.conf (or comment it out or set it to None) and restart the indico-uwsgi and indico-celery services to disable LaTeX functionality.
For more information
For any questions or comments about this advisory:
- Open a thread in the forum
- Send an email to [indico-team@cern.ch](mailto:indico-team@cern.ch)
AnalysisAI
A LaTeX injection vulnerability in Indico (event management platform) allows authenticated attackers to read local files or execute arbitrary code on the server when server-side LaTeX rendering is enabled via XELATEX_PATH configuration. The vulnerability stems from TeXLive weaknesses and insufficient sanitization of LaTeX input, permitting specially-crafted snippets to bypass security controls. Patches are available in version 3.3.12, and there is no evidence of active exploitation (not in CISA KEV), though multiple proof-of-concept patches indicate the vulnerability has been thoroughly analyzed.
Technical ContextAI
Indico is a Python-based event management system (pkg:pip/indico) that optionally renders LaTeX documents server-side using XeLaTeX from the TeXLive distribution. The vulnerability is classified as CWE-22 (Path Traversal), though it extends beyond simple directory traversal to include command injection capabilities. The root cause involves obscure LaTeX syntax features that bypass Indico's input sanitization combined with inherent TeXLive vulnerabilities allowing file system access and command execution through LaTeX primitives like \input, \include, or shell-escape features. The attack surface only exists when XELATEX_PATH is explicitly configured in indico.conf, making server-side LaTeX rendering active.
RemediationAI
Upgrade to Indico version 3.3.12 or later following the official upgrade documentation at https://docs.getindico.io/en/stable/installation/upgrade/. It is strongly recommended to implement the containerized LaTeX renderer using Podman, which provides isolation from the host system and is now the only supported configuration (see https://docs.getindico.io/en/stable/installation/upgrade/#upgrading-to-3-3-12). As an immediate workaround if upgrading is not possible, disable LaTeX functionality by removing or commenting out the XELATEX_PATH setting in indico.conf (or setting it to None), then restart both indico-uwsgi and indico-celery services. The patches are tracked in commits 0adb70f0ed66e129361d447868f5f3eb90dc5e96, 1dbb12525b3de14229bf4d1ae192988068f975f6, 5f24d23ce9c4b0e4b68b3d0b58987a948fc57c8a, and fb169ced710c30cf792ce4b9f48688db0633cfd8.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today