CVE-2026-41580 in Stirling-PDFinformation

Résumé

par MITRE • 15/07/2026

Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. Prior to 2.0.0, Stirling-PDF's /get-info-on-pdf endpoint rendered PDF Title and Author metadata fields without proper HTML encoding or sanitization, allowing a crafted PDF to execute attacker-controlled JavaScript in the browser of a user who views the resulting page. This issue is fixed in version 2.0.0.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Responsable

GitHub M

Réserver

21/04/2026

Divulgation

15/07/2026

Modérer

accepté

Entrée

VDB-379291

CPE

prêt

EPSS

0.00000

KEV

non

Activités

très faible

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!