VDB
KO

PYSEC-2026-1993

unstructured XML External Entity (XXE)

Details

unstructured v.0.14.2 and before is vulnerable to XML External Entity (XXE) via the XMLParser.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / unstructured
Introduced in: 0 Fixed in: 0.14.3
Fix pip install --upgrade 'unstructured>=0.14.3'

References