CVE-2025-26240

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.4 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H                                    

Vulnerability Description

In JazzCore python-pdfkit 1.0.0, the from_string method enables the execution of JavaScript code within the context of the server application and the exfiltration of local files.

Vulnerability Details

Published Date

June 17, 2026

Last Modified

June 17, 2026

CWE ID

CWE-120

Source

NVD

External References

https://habuon.github.io/2025/03/12/pdfkit-vulnerability-%28CVE-2025-26240%29.html
https://www.csirt.gov.sk/the-python-pdfkit-library-vulnerability.html
https://habuon.github.io/2025/03/12/pdfkit-vulnerability-%28CVE-2025-26240%29.html

CVE-2025-26240

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment