CVE-2026-33929 (GCVE-0-2026-33929)
Vulnerability from cvelistv5 – Published: 2026-04-14 08:09 – Updated: 2026-04-14 19:50
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| URL | Tags |
|---|---|
| https://github.com/apache/pdfbox/pull/427/changes | patch |
| https://lists.apache.org/thread/op3lyx1ngzy4qycn06l6hljyf28ff0zs | mailing-list |
| https://lists.apache.org/thread/j8l07tgzy9dm8d8n0f3c45h7zg7t3ld6 | vendor-advisory |
| Vendor | Product | Version |
|---|---|---|
| Apache Software Foundation | Apache PDFBox Examples | Affected: 2.0.24 , ≤ 2.0.36 (semver); Affected: 3.0.0 , ≤ 3.0.7 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-33929",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T19:50:04.295675Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T19:50:07.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.pdfbox:pdfbox-examples",
"product": "Apache PDFBox Examples",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.0.36",
"status": "affected",
"version": "2.0.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.0.7",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kaixuan Li"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Apache PDFBox Examples.\u003c/p\u003e\u003cp\u003eThis issue affects the \nExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7.\u003c/p\u003e\u003cp\u003e\nUsers are recommended to update to version 2.0.37 or 3.0.8 once \navailable. Until then, they should apply the fix provided in GitHub PR \n427.\u003c/p\u003e\u003cp\u003eThe ExtractEmbeddedFiles example contained a path traversal vulnerability (CWE-22) mentioned in CVE-2026-23907. However the change in the releases 2.0.36 and 3.0.7 is flawed because it doesn\u0027t consider the file path separator. Because of that, a user having writing rights on /home/ABC could be victim to a malicious PDF resulting in a write attempt to any path starting with\u0026nbsp;/home/ABC, e.g.\u0026nbsp;\"/home/ABCDEF\".\u003c/p\u003e\u003cp\u003eUsers who have copied this example into their production code should apply the mentioned change. The example \nhas been changed accordingly and is available in the project repository.\u003c/p\u003e"
}
],
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Apache PDFBox Examples.\n\nThis issue affects the \nExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7.\n\n\nUsers are recommended to update to version 2.0.37 or 3.0.8 once \navailable. Until then, they should apply the fix provided in GitHub PR \n427.\n\nThe ExtractEmbeddedFiles example contained a path traversal vulnerability (CWE-22) mentioned in CVE-2026-23907. However the change in the releases 2.0.36 and 3.0.7 is flawed because it doesn\u0027t consider the file path separator. Because of that, a user having writing rights on /home/ABC could be victim to a malicious PDF resulting in a write attempt to any path starting with\u00a0/home/ABC, e.g.\u00a0\"/home/ABCDEF\".\n\nUsers who have copied this example into their production code should apply the mentioned change. The example \nhas been changed accordingly and is available in the project repository."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T08:09:39.517Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/pdfbox/pull/427/changes"
},
{
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread/op3lyx1ngzy4qycn06l6hljyf28ff0zs"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/j8l07tgzy9dm8d8n0f3c45h7zg7t3ld6"
}
],
"source": {
"defect": [
"PDFBOX-6180"
],
"discovery": "EXTERNAL"
},
"title": "Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2026-33929",
"datePublished": "2026-04-14T08:09:39.517Z",
"dateReserved": "2026-03-24T17:06:35.279Z",
"dateUpdated": "2026-04-14T19:50:07.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-33929",
"date": "2026-06-18",
"epss": "0.00711",
"percentile": "0.48683"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-33929\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2026-04-14T09:16:36.297\",\"lastModified\":\"2026-04-20T16:58:21.073\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Apache PDFBox Examples.\\n\\nThis issue affects the \\nExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7.\\n\\n\\nUsers are recommended to update to version 2.0.37 or 3.0.8 once \\navailable. Until then, they should apply the fix provided in GitHub PR \\n427.\\n\\nThe ExtractEmbeddedFiles example contained a path traversal vulnerability (CWE-22) mentioned in CVE-2026-23907. However the change in the releases 2.0.36 and 3.0.7 is flawed because it doesn\u0027t consider the file path separator. Because of that, a user having writing rights on /home/ABC could be victim to a malicious PDF resulting in a write attempt to any path starting with\u00a0/home/ABC, e.g.\u00a0\\\"/home/ABCDEF\\\".\\n\\nUsers who have copied this example into their production code should apply the mentioned change. 
The example \\nhas been changed accordingly and is available in the project repository.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:pdfbox:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.24\",\"versionEndExcluding\":\"2.0.37\",\"matchCriteriaId\":\"6575F889-F1A2-46DB-AE08-1FCD511CA44E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:pdfbox:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.0.8\",\"matchCriteriaId\":\"5D05B9D6-455C-48FA-A899-CDC053258BF5\"}]}]}],\"references\":[{\"url\":\"https://github.com/apache/pdfbox/pull/427/changes\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.apache.org/thread/j8l07tgzy9dm8d8n0f3c45h7zg7t3ld6\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread/op3lyx1ngzy4qycn06l6hljyf28ff0zs\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-33929\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-14T19:50:04.295675Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-14T19:49:58.797Z\"}}], \"cna\": {\"title\": \"Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code\", \"source\": {\"defect\": [\"PDFBOX-6180\"], \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Kaixuan Li\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"low\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache PDFBox Examples\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.24\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.0.36\"}, {\"status\": \"affected\", \"version\": \"3.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.0.7\"}], \"packageName\": \"org.apache.pdfbox:pdfbox-examples\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/apache/pdfbox/pull/427/changes\", \"tags\": [\"patch\"]}, {\"url\": \"https://lists.apache.org/thread/op3lyx1ngzy4qycn06l6hljyf28ff0zs\", 
\"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread/j8l07tgzy9dm8d8n0f3c45h7zg7t3ld6\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Apache PDFBox Examples.\\n\\nThis issue affects the \\nExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7.\\n\\n\\nUsers are recommended to update to version 2.0.37 or 3.0.8 once \\navailable. Until then, they should apply the fix provided in GitHub PR \\n427.\\n\\nThe ExtractEmbeddedFiles example contained a path traversal vulnerability (CWE-22) mentioned in CVE-2026-23907. However the change in the releases 2.0.36 and 3.0.7 is flawed because it doesn\u0027t consider the file path separator. Because of that, a user having writing rights on /home/ABC could be victim to a malicious PDF resulting in a write attempt to any path starting with\\u00a0/home/ABC, e.g.\\u00a0\\\"/home/ABCDEF\\\".\\n\\nUsers who have copied this example into their production code should apply the mentioned change. The example \\nhas been changed accordingly and is available in the project repository.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eImproper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Apache PDFBox Examples.\u003c/p\u003e\u003cp\u003eThis issue affects the \\nExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7.\u003c/p\u003e\u003cp\u003e\\nUsers are recommended to update to version 2.0.37 or 3.0.8 once \\navailable. Until then, they should apply the fix provided in GitHub PR \\n427.\u003c/p\u003e\u003cp\u003eThe ExtractEmbeddedFiles example contained a path traversal vulnerability (CWE-22) mentioned in CVE-2026-23907. 
However the change in the releases 2.0.36 and 3.0.7 is flawed because it doesn\u0027t consider the file path separator. Because of that, a user having writing rights on /home/ABC could be victim to a malicious PDF resulting in a write attempt to any path starting with\u0026nbsp;/home/ABC, e.g.\u0026nbsp;\\\"/home/ABCDEF\\\".\u003c/p\u003e\u003cp\u003eUsers who have copied this example into their production code should apply the mentioned change. The example \\nhas been changed accordingly and is available in the project repository.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2026-04-14T08:09:39.517Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-33929\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-14T19:50:07.000Z\", \"dateReserved\": \"2026-03-24T17:06:35.279Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2026-04-14T08:09:39.517Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-33929
Vulnerability from fkie_nvd - Published: 2026-04-14 09:16 - Updated: 2026-06-17 10:38
{
"affected": [
{
"affectedData": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.pdfbox:pdfbox-examples",
"product": "Apache PDFBox Examples",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.0.36",
"status": "affected",
"version": "2.0.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.0.7",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"source": "security@apache.org"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:pdfbox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6575F889-F1A2-46DB-AE08-1FCD511CA44E",
"versionEndExcluding": "2.0.37",
"versionStartIncluding": "2.0.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:pdfbox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D05B9D6-455C-48FA-A899-CDC053258BF5",
"versionEndExcluding": "3.0.8",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Apache PDFBox Examples.\n\nThis issue affects the \nExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7.\n\n\nUsers are recommended to update to version 2.0.37 or 3.0.8 once \navailable. Until then, they should apply the fix provided in GitHub PR \n427.\n\nThe ExtractEmbeddedFiles example contained a path traversal vulnerability (CWE-22) mentioned in CVE-2026-23907. However the change in the releases 2.0.36 and 3.0.7 is flawed because it doesn\u0027t consider the file path separator. Because of that, a user having writing rights on /home/ABC could be victim to a malicious PDF resulting in a write attempt to any path starting with\u00a0/home/ABC, e.g.\u00a0\"/home/ABCDEF\".\n\nUsers who have copied this example into their production code should apply the mentioned change. The example \nhas been changed accordingly and is available in the project repository."
}
],
"id": "CVE-2026-33929",
"lastModified": "2026-06-17T10:38:19.190",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-33929",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T19:50:04.295675Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-04-14T09:16:36.297",
"references": [
{
"source": "security@apache.org",
"tags": [
"Patch"
],
"url": "https://github.com/apache/pdfbox/pull/427/changes"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/j8l07tgzy9dm8d8n0f3c45h7zg7t3ld6"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List"
],
"url": "https://lists.apache.org/thread/op3lyx1ngzy4qycn06l6hljyf28ff0zs"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
GHSA-GCJ8-76P4-G2FQ
Vulnerability from github – Published: 2026-04-14 09:30 – Updated: 2026-04-14 23:42
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache PDFBox Examples.
This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7.
Users are recommended to update to version 2.0.37 or 3.0.8 once available. Until then, they should apply the fix provided in GitHub PR 427.
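The ExtractEmbeddedFiles example contained a path traversal vulnerability (CWE-22), described in CVE-2026-23907. However, the change made for it in releases 2.0.36 and 3.0.7 is flawed because it doesn't consider the file path separator: in effect the check matches on a bare path prefix, so a sibling directory whose name begins with the same characters also passes. As a result, a user with write access to /home/ABC could fall victim to a malicious PDF that causes a write attempt to any path starting with /home/ABC, e.g. "/home/ABCDEF". A containment check has to compare against the directory path including its separator.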
Users who have copied this example into their production code should apply the mentioned change. The example has been changed accordingly and is available in the project repository.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.0.36"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.pdfbox:pdfbox-examples"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.24"
},
{
"fixed": "2.0.37"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.0.7"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.pdfbox:pdfbox-examples"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.0.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33929"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-14T23:42:00Z",
"nvd_published_at": "2026-04-14T09:16:36Z",
"severity": "MODERATE"
},
"details": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Apache PDFBox Examples.\n\nThis issue affects the \nExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7.\n\n\nUsers are recommended to update to version 2.0.37 or 3.0.8 once available. Until then, they should apply the fix provided in GitHub PR 427.\n\nThe ExtractEmbeddedFiles example contained a path traversal vulnerability (CWE-22) mentioned in CVE-2026-23907. However the change in the releases 2.0.36 and 3.0.7 is flawed because it doesn\u0027t consider the file path separator. Because of that, a user having writing rights on /home/ABC could be victim to a malicious PDF resulting in a write attempt to any path starting with\u00a0/home/ABC, e.g.\u00a0\"/home/ABCDEF\".\n\nUsers who have copied this example into their production code should apply the mentioned change. The example \nhas been changed accordingly and is available in the project repository.",
"id": "GHSA-gcj8-76p4-g2fq",
"modified": "2026-04-14T23:42:00Z",
"published": "2026-04-14T09:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33929"
},
{
"type": "WEB",
"url": "https://github.com/apache/pdfbox/pull/427/changes"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/pdfbox"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/j8l07tgzy9dm8d8n0f3c45h7zg7t3ld6"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/op3lyx1ngzy4qycn06l6hljyf28ff0zs"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code"
}
SUSE-SU-2026:22088-1
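Vulnerability from csaf_suse - Published: 2026-06-08 14:37 - Updated: 2026-06-08 14:37

Note: the packages listed below are built from upstream 2.0.36, which the CVE record on this page lists as affected (upstream fix in 2.0.37); presumably the SUSE build carries the fix as a backport, so confirm against the SUSE advisory rather than relying on the upstream version number alone.

| Product | Identifier | Version | Remediation |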
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:apache-pdfbox-2.0.36-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:apache-pdfbox-javadoc-2.0.36-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:apache-pdfbox-2.0.36-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:apache-pdfbox-javadoc-2.0.36-160000.1.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:apache-pdfbox-2.0.36-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:apache-pdfbox-javadoc-2.0.36-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:apache-pdfbox-2.0.36-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:apache-pdfbox-javadoc-2.0.36-160000.1.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache-pdfbox",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache-pdfbox fixes the following issues:\n\nUpdate to version 2.0.36.\n\nSecurity issues fixed:\n\n- CVE-2026-33929: path traversal in the `ExtractEmbeddedFiles` example code can lead to arbitrary file writes\n (bsc#1262046).\n\nOther updates and bugfixes:\n\n- Version 2.0.36:\n - XMPBox removes namespaces on serialization\n - False negative on PDFA-1b validation : missing field type\n - PlainText.Paragraph.getLines extremely slow on long lines\n - Valid PDF/A 1B is rejected\n - Potential StackOverflows in BaseParser\n - Unknown code in Huffman RLE stream\n - IllegalArgumentException: Can\u0027t add attribute to 0-length text\n - TTFSubsetter.buildGlyfTable() modifies glyphIds while iterating over its entries possibly causing\n ConcurrentModificationException to be thrown\n - IndexOutOfBoundsException in Type1CharStringParser.processCallSubr()\n - Exception \"No type defined for {http://www.aiim.org/pdfa/ns/id/}rev\" when trying to determine version of PDF/A-4\n document\n - allow new PDF/A-4 conformance levels\n - pdfbox-app-X.X.X-sources.jar on maven central are empty (and javadoc jar is missing)\n - Cmd line docs\n - IllegalArgumentException: Multiplying two matrices produces illegal values in PDFStreamEngine.processAnnotation()\n - XmpParsingException: Schema is not set in this document: http://ns.adobe.com/xap/1.0/sType/ResourceEvent#\n - NullPointerException in FontMapperImpl.getFontMatches()\n - border style in FDFAnnotation is not initialized if width is 0\n - German umlauts are not rendered\n - Invalid type in Schema not detected when in XML attributes\n - Serializing produces date \"1-01-01T00:00:00+01:00\"\n - Seconds of date \"D:2015-02-03T10:11:12\" returned as 0\n - Confusing naming of \"DerivedFrom\" property getter in XMPMediaManagementSchema\n - ClassCastException in XMPMediaManagementSchema.getHistory()\n - IllegalArgumentException: Input buffer too short in StandardSecurityHandler.computeRC4key()\n - 
IllegalArgumentException: Width (0) and height (0) cannot be \u003c= 0 when printing landscape rotated with\n RASTERIZE_DPI_AUTO\n - DateConverter fails on valid date\n - ClassCastException: class org.apache.xmpbox.type.TextType cannot be cast to class\n org.apache.xmpbox.type.ArrayProperty in DublinCoreSchema.getCreatorsProperty()\n - tiff:YCbCrSubSampling and tiff:YCbCrPositioning have wrong cardinality\n - ClassCastException: class org.apache.xmpbox.type.FlashType\n - Cannot find a definition for the namespace http://www.w3.org/1999/02/22-rdf-syntax-ns#, property:\n rdf:Description http://ns.adobe.com/xap/1.0/sType/ResourceEvent#, property:stEvt:action\n - XmpParsingException: Missing pdfaSchema:property in type definition in lenient mode\n - XmpParsingException: Unknown property value type : Open Choice of Integer\n - XmpParsingException: Property \u0027CountryCode\u0027 not defined in http://www.epo.org/patent-bibliographic-data/1.0/\n - date \"0-00-00T00:00:00-04:00\" read as \"0002-11-30T00:00:00-40:00\"\n - XmpParsingException: Type \u0027stRef:documentName\u0027 not defined in http://ns.adobe.com/xap/1.0/sType/ResourceRef# in\n lenient mode\n - Invalid PDF/A namespace definition, prefix: xmlns, namespace: http://www.aiim.org/pdfa/ns/extension/\n http://www.aiim.org/pdfa/ns/extension/, property: pdfaExtension:schemas\n - NegativeArraySizeException in PredictorOutputStream()\n - NullpointerException in PDAcroForm.getField(Line 485)\n - OutOfMemoryError when trying to extract text from pdf\n - Outlines circular reference vulnerability\n - Rendered text missing\n - Inverted images due to enlarged decode array\n - PDF displays garbled characters in Adobe Reader but renders correctly in web browsers\n - NullPointerException while merging PDFs with output intents\n - Valid XMP Extension Schema rejected\n - Remove dead code from PDFMarkedContentExtractor\n - Include test file in test class\n - Get and Add PageTextSchema\n - Remove / deprecate 
TypeMapping.getAssociatedSchemaObject()\n - Support Seq / Bag mixup in lenient mode\n - Parse xmp files in lenient mode that have no processing instructions\n - deprecate getPDFIdentificationSchema() in favor of getPDFAIdentificationSchema()\n - Support TIFF-files with FillOrder=2 conversion to PDF\n - Remove / deprecate unused parts of PDIndexed\n - modernize rat exclusions\n- Version 2.0.35:\n - NegativeArraySizeException with PDF file with huge fonts\n - Inline image bug with multi-byte newline tokens\n - fix initial ByteArrayOutputStream size for deflate operation\n - PDF takes an hour to render\n - Splitter does not include structure tree in documents past the first split\n - build fails on jdk11\n - Load a TTF font which is from Mac OS throw an exception\n - Wrong glyphs since PDFBOX-5790\n - ClassCastException on broken file in PDEmbeddedFilesNameTreeNode.convertCOSToPD()\n - invalid XMP generated when Apache Xalan in the classpath\n - XMP JobType constructor ignores fieldPrefix\n - NullPointerException in xmpbox serializer if a date is empty\n - Rendering issue with type 2 shading: vertical expansion\n - Possible infinite loop in shading code\n - Potential OOM in XrefStreamParser\n - Potential StackOverflow in PDFStreamParser\n - Potential StackOverflow in PDPageTree\u0027s getInheritableAttribute\n - Potential OOM in Type1Lexer\n - Potential OOM in PfbParser\n - PDMarkedContentReference.setMCID() should not accept negative numbers\n - IllegalPathStateException: missing initial moveto in path definition\n - Fix possible ClassCastException\n - NullPointerException in COSDictionary\n - StringIndexOutOfBoundsException in PlainText$Paragraph.getLines()\n - LZWFilter crashes, probably not handling the KwKwK special case\n - NullPointerException in PDNumberTreeNode.getNumbers()\n - UnsupportedOperationException: JPX color spaces don\u0027t support drawing\n - Signing tries to set byteRange of old signature (2)\n - ClassCastException in 
PDOptionalContentProperties.getBaseState()\n - Add test for embedded files\n - set size for ByteArrayOutputStreams\n - avoid creation of temporary objects when parsing hex values\n - avoid unnecessary map lokups\n - remove unnecessary iteration and StringBuilder creation\n - Support reverse landscape orientation for printing\n - Add test coverage for orphan annotation\n - Remove orphan popup parent annotation\n - Improve XmpSerializer test by verifying its output\n - Consider rotation of page when applying overlay\n - Preserve Perms dictionary when signing\n - Check /ParentTree against /K tree\n - Add test for 5521\n - Refactor RC4Cipher\n - Regression tests for 2.0.35\n- Version 2.0.34:\n - PageDrawer is not rendering unrotatable Annotations on rotated pages\n - Zero-width non-joiner characters visible in generated PDF\n - Surrogate pairs with combining diacritics are incorrectly ordered on text extraction\n - TestCreateSignature.testCreateSignedTimeStamp checkLTV build test fail (2) / Support several issuers\n - IllegalArgumentException: Width (0) and height (0) must be non-zero\n - Merge docs with specific characteristics causes stack overflow - InvalidKeyException: Supplied key\n (sun.security.ec.ECPrivateKeyImpl) is not a RSAPrivateKey\n - Can\u0027t read the embedded Type1 font: Found Token[kind=NAME,text=def] but expected begin\n - Wrong size entry in trailer after incremental save\n - FileSystemFontProvider doesn\u0027t register failed type1 fonts\n - Text annotation crosshair symbol too small when using Adobe symbol font\n - Orphan /OpenAction destination page kept in merge\n - PDFRenderer causes endless loop\n - Invalid stream length: 0, stream start position: \u003cxxx\u003e\n - Inline image incorrectly parsed (2)\n - IllegalArgumentException: Not a valid Unicode code point: 0xE28496\n - Type 3 font glyphs not displayed\n - Rendered PDF is missing shading pattern graphics\n - NPE during merge\n - Class cast exception in building 
PDDestinationNameTreeNode\n - DomXmpParser incorrectly expects namespaces on attribute level\n - BDC processor mishandles property name\n - Can\u0027t render some Type1C fonts.\n - PDF to Image conversion results in a blank white page\n - Implement PDFormXObject.setGroup()\n - CertificateVerifier.isSelfSigned() should not throw an exception\n - Use Zapf Dingbats code for cross text annotation\n - Support PushPin, Tag and Graph file attachment annotation icons\n - Improve PDFMergerUtility memory footprint\n - Support rare RC4 encryption where R=4, key length \u003c 128 bits\n - Improve checkWithNumberTree() test\n - Use SHA256 instead of MD5 for document id\n- Version 2.0.33:\n - Character positions shifted\n - Incorrectly extracted text (broken words)\n - Wrong color of uncolored tiling pattern\n - OutOfMemoryError - during renderImageWithDPI\n - BaseParser fails when a number is followed by a string starting with \u0027e\u0027\n - Type3 font is not rendered\n - Flattening removes all annotations when widget annotation has no page\n - Image lost on page render\n - extra whitespaces when extracting Arabic text\n - SMaskInData not supported for JPX images\n - Kid Widget /DA is ignored in setDefaultAppearance() call\n - Radio button can\u0027t be set\n - the PDDocument.documentId does not seem to be written into the flat byteStream\n - PDFBox is unable to remove ID\n - Fix last step of the build process\n - StringIndexOutOfBoundsException in AppearanceGeneratorHelper\n - ClassCastException in SetLineJoinStyle.process()\n - Unable to load password protected pdf\n - PDFBox not extracting text of non-latin languages(tamil, bengali) properly but adobe reader\u0027s save as text does\n - Checkstyle\n - [PATCH] Detect CMYK image without relying on metadata\n - Regression from PDFBOX-5841: Text extraction with rotation magic fails for PDF with multiple content streams in a\n page\n - PDF render blank page: The end of the stream doesn\u0027t point to the correct offset, using 
workaround to read the\n stream, stream start position: 196, length: 0, expected end position: 196\n - CVE for Lucene libraries\n - The pattern created with PDFBox shows inconsistent colors between Safari and Adobe.\n - BDC sequence with resource reference instead of with MCID\n - StackOverflowError in PDFieldFactory.findFieldType\n - ClassCastException in AnnotationValidator\n - The CPU usage of a PDF file with a size of 85.6 MB is abnormal\n - Many ZapfDingbats symbols do not appear when page is rendered.\n - IOException when reading isolated \"+\"\n - IllegalArgumentException: capacity \u003c 0: (-75475220 \u003c 0) in RandomAccessReadBuffer constructor\n - FontBox spawns a `cmd` subprocess to read an environment variable (on Windows)\n - Implement PDF 2.0 dash phase clarification (2)\n - Particular PDF fails on renderImageWithDPI call\n - PDType0Font return invalid space width\n - Icons of text annotations sometimes too large\n - Orphan page check doesn\u0027t check annotation destinations\n - NPE in COSArray.indexOfObject\n - NPE in PagePane.mouseMoved()\n - ArrayIndexOutOfBoundsException in CMap.toInt()\n - Show ASN.1 decoded Contents for Signature-Dictionary\n - Exchange hard-coded values for variables and provide command-line options in TextToPDF component\n - Long rendering time of fonts in a specific PDF\n - Support imageio-jnr / imageio-openjpeg library for JPEG2000 decoding\n - Improve ExtractTTFFonts\n - Change Loglevel from Warn to info when rebuilding font cache\n - Support OCG visibility expressions\n - Add page getter/setter to PDObjectReference\n - Support long values for COSInteger objects\n - Empty constructor for PDViewerPreferences\n - Add check of /P to PDFMergerUtilityTest\n - support Markdown extraction from the command line\n - Calculate dpi dynamically when printing with raster\n - Remove orphan annotations in structure tree\n - Add font name to PrintTextLocations\n - Improve detection whether printing or viewing\n - Hi CPU and memory 
usage when converting a PDF with type 4 shading\n - 2.0 builds fail on jenkins because jdk11 no longer supported\n- Version 2.0.32:\n - preflight-app fails on Java 11+ with NoClassDefFoundError: javax/activation/DataSource\n - AppearanceGeneratorHelper assumes fontscale 1000\n - Remove release subproject\n - Don\u0027t use a predefined CMap if a ToUnicode CMap is present\n - Regression NPE in Splitter\n - The content of the specified font is lost, Google Chrome can display it\n - Crash for Softmask with incorrect backdrop color components\n - Observable Timing Discrepancy (Timing Attack)\n - Black rectangle over image\n - Wrong font substitution for Wingdings\n - PDDocument#importPage slowed down by factor 1300\n - Split aborts with broken destinations\n - IllegalArgumentException: Parameter must be 1-based, but is 0 when using PDFTextStripperByArea\n - Files created with PDFMergerExample are not correct PDF/A\n - Missing /Subtype and /Type in Metadata not detected\n - Multiple exceptions coming from org.apache.fontbox.ttf for different PDFs\n - IOException: Error expected floating point numberactual=\u0027-12.-1\u0027\n - NullPointerException: Cannot invoke \"String.codePointAt(int)\" because \"uni\" is null\n - DomXmpParser - IllegalArgumentException: prefix cannot be \"null\" when creating a QName\n - ClassCastException: org.apache.pdfbox.cos.COSNull cannot be cast to org.apache.pdfbox.cos.COSDictionary\n - IllegalArgumentException: Width (26) and height (0) must be non-zero\n - There is an exception when getting embedded font, is it compatible?\n - Infinite loop after splitting and saving PDF / giant result files\n - JPEGFactory. 
Reduce logging severity when no image metadata is present\n - Add test for surrogate pair character \ud867\ude3d\n - Update unicode Scripts.txt\n - Include a PDFA check with VeraPDF for CreatePDFATest\n - Add center constructor parameter to PDFPageable and to pdfbox-app\n - When splitting, keep named page destinations that are part of target document(s)\n - When this PDF is rendered with the \"f\" Operator, a black screen appears.\n - Investigate why we get \"response contains wrong nonce value\" during build tests\n- Version 2.0.31:\n - [PATCH] Split pdf lose accessibility tags\n - Allow creating of PDFXObjectImage without accessing to the image stream\n - PfbParser fails to parse PFB font with multiple binary records.\n - Lines vanish when printing on MacOS\n - java.lang.IllegalArgumentException: Provided dictionary is not of type \u0027COSName{OCG}\u0027\n - The embedded font DroidSansFallbackFull reports an error when parsing, and finally uses lastResortFont, resulting in\n garbled fonts.\n - COSName caches already cached hashCode\n - Font operation takes a long time with 3.0.1\n - NullPointerException in TTFSubsetter.buildPostTable()\n - Problem converting PDF to image (java.awt.color.CMMException: Can not access specified profile)\n - Set the default value for PDNonTerminalField\n - java.lang.ArrayIndexOutOfBoundsException Bug Report\n - Wrong colors in PDF since PDFBOX-5488\n - Java 7 support on 2.0\n - Convert to image exception\n - PDF conversion in this format is very slow. 
Is there any room for optimization?\n - IllegalArgumentException: -Infinity is not a finite number\n - Inconsistent signature page handling when signing in existing signature fields\n - Add leading \"0\" for octal values in MacOSRomanEncoding\n - DataFormatException: invalid distance too far back\n - Grayscale JPEG rendered multicolor\n - OutOfMemoryError in FileSystemFontsProvider.scanFonts\n - NPE in PageDrawer.getPaint()\n - Issue with embedded Font and descendant Font\n - LCMS error 13: Mismatched alpha channels\n - Enable Native Markdown Extraction in Apache PDFBox\n - When splitting, keep page destinations that are part of target document(s)\n - Replace Exception with some repair attempt\n- Version 2.0.30:\n - Regression unicode mapping in Korean document\n - Operators \"q\" and \"Q\" should also preserve text matrices\n - Signature Image not Rendered starting with PDFBox 2.0.23\n - Fonts are not subsetted when saving incrementally\n - Bug in PDFMergerUtility#mergeFields\n - Password protected PDF opens in GUI apps but PDFbox says invalid password\n - Wrong error message \"2.4.1 : Invalid Color space, The operator \"rg\" can\u0027t be used with CMYK Profile\"\n - Make FDF annotations more compliant with the specification\n - NPE in DomXmpParser.parseLiDescription\n - Regression: NoSuchElementException in PDFXrefStreamParser\n - The PageDrawer.strokePath method is blocked, and cpu100%\n - Avoid NPE when processing CFF2 based fonts\n - IllegalArgumentException: Dimensions (width=458477041 height=26) are too large\n - Can not see checkbox check\n - NPE when converting pdf to image.\n - NullPointerException in XMPMetadata.getSchema()\n - PDFToImage might not correctly detect unsupported image formats\n - Font cache isn\u0027t effective on my machine, always rebuilds\n - PDF to Image conversion results in different converted image\n - Text in a certain font is lost when converting pdf to image\n - Incorrect colors in image from PDFs (DCTDecode)\n - 
Inconsistent/incomplete PDF rendering\n - Improve code quality (4)\n - Add PDRectangle#TABLOID paper size\n - Support version 0.5 of MaximumProfileTable\n - loca-table isn\u0027t mandatory for TTF/OTF-fonts using CFF outlines\n - Implement PDF 2.0 dash phase clarification\n - Add getter and setter for the CO array under PDAcroForm\n - Make UTC timezone static\n - Facilitate migration to PDFBox 3.0\n - Consolidate bouncycastle configuration\n - Consistent scm.url values for pom.xml\n - use comparison operators for enums\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-905",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22088-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22088-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622088-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22088-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047309.html"
},
{
"category": "self",
"summary": "SUSE Bug 1262046",
"url": "https://bugzilla.suse.com/1262046"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-3392 page",
"url": "https://www.suse.com/security/cve/CVE-2026-3392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33929 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33929/"
}
],
"title": "Security update for apache-pdfbox",
"tracking": {
"current_release_date": "2026-06-08T14:37:26Z",
"generator": {
"date": "2026-06-08T14:37:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22088-1",
"initial_release_date": "2026-06-08T14:37:26Z",
"revision_history": [
{
"date": "2026-06-08T14:37:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache-pdfbox-2.0.36-160000.1.1.noarch",
"product": {
"name": "apache-pdfbox-2.0.36-160000.1.1.noarch",
"product_id": "apache-pdfbox-2.0.36-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "apache-pdfbox-javadoc-2.0.36-160000.1.1.noarch",
"product": {
"name": "apache-pdfbox-javadoc-2.0.36-160000.1.1.noarch",
"product_id": "apache-pdfbox-javadoc-2.0.36-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-pdfbox-2.0.36-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:apache-pdfbox-2.0.36-160000.1.1.noarch"
},
"product_reference": "apache-pdfbox-2.0.36-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-pdfbox-javadoc-2.0.36-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:apache-pdfbox-javadoc-2.0.36-160000.1.1.noarch"
},
"product_reference": "apache-pdfbox-javadoc-2.0.36-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-pdfbox-2.0.36-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:apache-pdfbox-2.0.36-160000.1.1.noarch"
},
"product_reference": "apache-pdfbox-2.0.36-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-pdfbox-javadoc-2.0.36-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:apache-pdfbox-javadoc-2.0.36-160000.1.1.noarch"
},
"product_reference": "apache-pdfbox-javadoc-2.0.36-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-3392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-3392"
}
],
"notes": [
{
"category": "general",
"text": "A weakness has been identified in FascinatedBox lily up to 2.3. The affected element is the function eval_tree of the file src/lily_emitter.c. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:apache-pdfbox-2.0.36-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:apache-pdfbox-javadoc-2.0.36-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:apache-pdfbox-2.0.36-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:apache-pdfbox-javadoc-2.0.36-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-3392",
"url": "https://www.suse.com/security/cve/CVE-2026-3392"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:apache-pdfbox-2.0.36-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:apache-pdfbox-javadoc-2.0.36-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:apache-pdfbox-2.0.36-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:apache-pdfbox-javadoc-2.0.36-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:apache-pdfbox-2.0.36-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:apache-pdfbox-javadoc-2.0.36-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:apache-pdfbox-2.0.36-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:apache-pdfbox-javadoc-2.0.36-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-08T14:37:26Z",
"details": "moderate"
}
],
"title": "CVE-2026-3392"
},
{
"cve": "CVE-2026-33929",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33929"
}
],
"notes": [
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Apache PDFBox Examples.\n\nThis issue affects the \nExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7.\n\n\nUsers are recommended to update to version 2.0.37 or 3.0.8 once \navailable. Until then, they should apply the fix provided in GitHub PR \n427.\n\nThe ExtractEmbeddedFiles example contained a path traversal vulnerability (CWE-22) mentioned in CVE-2026-23907. However the change in the releases 2.0.36 and 3.0.7 is flawed because it doesn\u0027t consider the file path separator. Because of that, a user having writing rights on /home/ABC could be victim to a malicious PDF resulting in a write attempt to any path starting with /home/ABC, e.g. \"/home/ABCDEF\".\n\nUsers who have copied this example into their production code should apply the mentioned change. The example \nhas been changed accordingly and is available in the project repository.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:apache-pdfbox-2.0.36-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:apache-pdfbox-javadoc-2.0.36-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:apache-pdfbox-2.0.36-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:apache-pdfbox-javadoc-2.0.36-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33929",
"url": "https://www.suse.com/security/cve/CVE-2026-33929"
},
{
"category": "external",
"summary": "SUSE Bug 1262046 for CVE-2026-33929",
"url": "https://bugzilla.suse.com/1262046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:apache-pdfbox-2.0.36-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:apache-pdfbox-javadoc-2.0.36-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:apache-pdfbox-2.0.36-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:apache-pdfbox-javadoc-2.0.36-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:apache-pdfbox-2.0.36-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:apache-pdfbox-javadoc-2.0.36-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:apache-pdfbox-2.0.36-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:apache-pdfbox-javadoc-2.0.36-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-08T14:37:26Z",
"details": "moderate"
}
],
"title": "CVE-2026-33929"
}
]
}
WID-SEC-W-2026-1687
Vulnerability from csaf_certbund - Published: 2026-05-26 22:00 - Updated: 2026-05-26 22:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM License Metric Tool 9.2<br>IBM / License Metric Tool | cpe:/a:ibm:license_metric_tool:9.2 | 9.2 | |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das IBM License Metric Tool dient der Lizenzverwaltung f\u00fcr IBM Produkte.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM License Metric Tool ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1687 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1687.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1687 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1687"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7273983 vom 2026-05-26",
"url": "https://www.ibm.com/support/pages/node/7273983"
}
],
"source_lang": "en-US",
"title": "IBM License Metric Tool: Mehrere Schwachstellen erm\u00f6glichen nicht spezifizierten Angriff",
"tracking": {
"current_release_date": "2026-05-26T22:00:00.000+00:00",
"generator": {
"date": "2026-05-27T11:20:42.217+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1687",
"initial_release_date": "2026-05-26T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-05-26T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "9.2",
"product": {
"name": "IBM License Metric Tool 9.2",
"product_id": "T031605",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:license_metric_tool:9.2"
}
}
}
],
"category": "product_name",
"name": "License Metric Tool"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-26141",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2024-26141"
},
{
"cve": "CVE-2024-29371",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2024-29371"
},
{
"cve": "CVE-2024-34459",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2024-34459"
},
{
"cve": "CVE-2025-14917",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2025-14917"
},
{
"cve": "CVE-2025-14923",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2025-14923"
},
{
"cve": "CVE-2025-62718",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2025-62718"
},
{
"cve": "CVE-2025-6490",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2025-6490"
},
{
"cve": "CVE-2026-0636",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-0636"
},
{
"cve": "CVE-2026-1561",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-1561"
},
{
"cve": "CVE-2026-22007",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-22007"
},
{
"cve": "CVE-2026-22008",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-22008"
},
{
"cve": "CVE-2026-22013",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-22013"
},
{
"cve": "CVE-2026-22016",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-22016"
},
{
"cve": "CVE-2026-22018",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-22018"
},
{
"cve": "CVE-2026-22021",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-22021"
},
{
"cve": "CVE-2026-23865",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-23865"
},
{
"cve": "CVE-2026-23907",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-23907"
},
{
"cve": "CVE-2026-26961",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-26961"
},
{
"cve": "CVE-2026-33168",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-33168"
},
{
"cve": "CVE-2026-33169",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-33169"
},
{
"cve": "CVE-2026-33170",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-33170"
},
{
"cve": "CVE-2026-33173",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-33173"
},
{
"cve": "CVE-2026-33174",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-33174"
},
{
"cve": "CVE-2026-33176",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-33176"
},
{
"cve": "CVE-2026-33195",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-33195"
},
{
"cve": "CVE-2026-33202",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-33202"
},
{
"cve": "CVE-2026-33929",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-33929"
},
{
"cve": "CVE-2026-34230",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-34230"
},
{
"cve": "CVE-2026-34268",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-34268"
},
{
"cve": "CVE-2026-34282",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-34282"
},
{
"cve": "CVE-2026-34763",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-34763"
},
{
"cve": "CVE-2026-34785",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-34785"
},
{
"cve": "CVE-2026-34786",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-34786"
},
{
"cve": "CVE-2026-34826",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-34826"
},
{
"cve": "CVE-2026-34829",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-34829"
},
{
"cve": "CVE-2026-34830",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-34830"
},
{
"cve": "CVE-2026-34831",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-34831"
},
{
"cve": "CVE-2026-35611",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-35611"
},
{
"cve": "CVE-2026-42033",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-42033"
},
{
"cve": "CVE-2026-42034",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-42034"
},
{
"cve": "CVE-2026-42035",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-42035"
},
{
"cve": "CVE-2026-42036",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-42036"
},
{
"cve": "CVE-2026-42037",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-42037"
},
{
"cve": "CVE-2026-42038",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-42038"
},
{
"cve": "CVE-2026-42039",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-42039"
},
{
"cve": "CVE-2026-42040",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-42040"
},
{
"cve": "CVE-2026-42041",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-42041"
},
{
"cve": "CVE-2026-42042",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-42042"
},
{
"cve": "CVE-2026-42043",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-42043"
},
{
"cve": "CVE-2026-42044",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-42044"
},
{
"cve": "CVE-2026-42264",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-42264"
},
{
"cve": "CVE-2026-5588",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-5588"
},
{
"cve": "CVE-2026-6918",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-6918"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.