CVE-2026-41580 in Stirling-PDF
Résumé
par MITRE • 15/07/2026
Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. Prior to 2.0.0, Stirling-PDF's /get-info-on-pdf endpoint rendered PDF Title and Author metadata fields without proper HTML encoding or sanitization, allowing a crafted PDF to execute attacker-controlled JavaScript in the browser of a user who views the resulting page. This issue is fixed in version 2.0.0.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.