What is GHSA-fq39-62gx-8hqx?

GHSA-fq39-62gx-8hqx is a security advisory published by GitHub Security Advisories with Medium severity. The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx...

Which CVE IDs does GHSA-fq39-62gx-8hqx cover?

GHSA-fq39-62gx-8hqx covers the following CVE IDs: CVE-2026-46722. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

GHSA-fq39-62gx-8hqxMedium

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx...

Vendor

GitHub Security Advisories

Published

May 19, 2026

Last Modified

May 19, 2026

🔗 CVE IDs covered (1)

CVE-2026-46722 →

📋 Description

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index.

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-46722
https://typo3.org/security/advisory/typo3-ext-sa-2026-011
https://github.com/advisories/GHSA-fq39-62gx-8hqx