1. CVE-2026-41650: fast-xml-parser XMLBuilder Flaw Allows Comment and CDATA Injection via Unescaped Delimiters
A security vulnerability has been identified in fast-xml-parser, a widely used open-source XML parsing library maintained by NaturalIntelligence. The flaw, tracked as CVE-2026-41650 (GHSA-gh4j-gqv2-49f6), resides in the XMLBuilder component and stems from improper handling of unescaped delimiters during XML processing....