diff --git a/Doc/library/xml.sax.utils.rst b/Doc/library/xml.sax.utils.rst index 5ee11d58c3dd26..2df9d0542f50a3 100644 --- a/Doc/library/xml.sax.utils.rst +++ b/Doc/library/xml.sax.utils.rst @@ -71,6 +71,11 @@ or as base classes. content: if ``False`` (the default) they are emitted as a pair of start/end tags, if set to ``True`` they are emitted as a single self-closed tag. + .. note:: + :class:`!XMLGenerator` is only intended to be used as a ``handler`` + with SAX parser functions from the :mod:`!xml.sax` module. Using XMLGenerator + on untrusted user inputs is not the intended use. + .. versionchanged:: 3.2 Added the *short_empty_elements* parameter. diff --git a/Misc/NEWS.d/next/Documentation/2025-10-01-10-06-52.gh-issue-139478.AdnsbB.rst b/Misc/NEWS.d/next/Documentation/2025-10-01-10-06-52.gh-issue-139478.AdnsbB.rst new file mode 100644 index 00000000000000..bf471c50cb1839 --- /dev/null +++ b/Misc/NEWS.d/next/Documentation/2025-10-01-10-06-52.gh-issue-139478.AdnsbB.rst @@ -0,0 +1,2 @@ +:mod:`xml.sax.saxutils`: Add warning about lack of +validation for :class:`~xml.sax.saxutils.XMLGenerator`.
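Review bot: In the ``.. note::`` added to Doc/library/xml.sax.utils.rst, the sentence "Using XMLGenerator on untrusted user inputs is not the intended use" says what to avoid but never says what goes unchecked. The NEWS entry in this same patch calls it "lack of validation"; the note should state that directly so a reader sees the reason for the restriction rather than only the restriction. Two smaller points in the same hunk: the second "XMLGenerator" is bare text while the first uses :class:`!XMLGenerator`, so the markup should match; and the note lands between the *short_empty_elements* description and its ``.. versionchanged:: 3.2`` entry, which separates a parameter from its change record. Consider placing the note so those two stay adjacent.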
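Review bot: The NEWS entry's "Add warning about lack of validation" does not match the documentation hunk, which adds a ``.. note::`` directive and does not use the word "validation". Either switch the directive to ``.. warning::`` if that severity is intended, or reword the NEWS entry to "Add note", and align the wording of the two so the changelog describes the text readers will find on the page.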