CVE-2025-11059

When generating PDF files, this vulnerability allows an attacker to read arbitrary files from the filesystem by injecting malicious link element into the prepped RFCXML.

Test untrusted input with link elements with rel="attachment" before processing.

This is related to GHSA-cfmv-h8fx-85m7.