CVE 2021-40694

Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account.

See the CVE page on Mitre.org for more details.