An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function via lxml dependency allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input.
ebookmeta.get_metadata
"https://github.com/pypa/advisory-database/blob/main/vulns/ebookmeta/PYSEC-2026-1324.yaml"