Skip to main content

Inkscape

3 CVEs product

Monthly

CVE-2026-4980 MEDIUM PATCH This Month

Inkscape 1.1 before 1.3 contains a local file disclosure vulnerability in XInclude processing that allows unauthenticated remote attackers to read arbitrary files from an affected system by crafting malicious SVG files with xi:include tags. The vulnerability has a moderate CVSS score of 6.3 but carries high confidentiality impact; no public exploit code or active exploitation has been confirmed at the time of analysis. Upstream fixes are available via GitLab merge requests, and users should upgrade to version 1.3 or later.

XXE Inkscape
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2012-6076 MEDIUM This Month

Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation Inkscape
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2012-5656 MEDIUM POC PATCH This Month

The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

XXE Inkscape Fedora Ubuntu Linux Opensuse
NVD
CVSS 3.1
5.5
EPSS
0.1%
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Inkscape 1.1 before 1.3 contains a local file disclosure vulnerability in XInclude processing that allows unauthenticated remote attackers to read arbitrary files from an affected system by crafting malicious SVG files with xi:include tags. The vulnerability has a moderate CVSS score of 6.3 but carries high confidentiality impact; no public exploit code or active exploitation has been confirmed at the time of analysis. Upstream fixes are available via GitLab merge requests, and users should upgrade to version 1.3 or later.

XXE Inkscape
NVD VulDB
EPSS 0% CVSS 4.4
MEDIUM This Month

Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation Inkscape
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

XXE Inkscape Fedora +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy