xml2rfc is vulnerable to arbitrary file reads through prepped files

Impact

When generating PDF files, this vulnerability allows an attacker to read arbitrary files from the filesystem by injecting malicious link element into the prepped RFCXML.

Workarounds

Test untrusted input with link elements with rel="attachment" before processing.

References

This is related to GHSA-cfmv-h8fx-85m7.

Published: Sep 10, 2025
Updated: Sep 11, 2025
GHSA: GHSA-9mv7-3c64-mmqw
Severity: High
Exploit:

No technical information available.

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
xml2rfc	-	3.30.2

https://github.com/ietf-tools/xml2rfc/commit/73fb1c91fc62ac540bb6bd24f982f2becf84c1b0
https://github.com/ietf-tools/xml2rfc/releases/tag/v3.30.2
https://github.com/ietf-tools/xml2rfc/security/advisories/GHSA-9mv7-3c64-mmqw

Vulnerability Database

xml2rfc is vulnerable to arbitrary file reads through prepped files

Impact

Workarounds

References