CVE-2026-41168
Published 2026-04-22
Priority: P429 · Severity: medium · CVSS 3.1 base score: 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
EPSS: 0.30% (21.3th percentile)
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large `/Size` values or object streams with wrong large `/N` values. This has been fixed in pypdf 6.10.1. As a workaround, one may apply the changes from the patch manually.
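As an added defensive example (not pypdf's own code), the screen below checks the two counts named in the advisory before an unpatched pypdf parses an untrusted file: it compares every declared `/Size` (cross-reference streams and trailers) and every object stream's `/N` against a bound derived from the real file length. The per-entry minimum byte counts, the 256-byte dictionary window and the sample PDFs are assumptions constructed for the example; upgrading to 6.10.1 remains the fix.

```python
import re

# Added example (not pypdf's own code): a pre-parse plausibility screen for the
# counts pypdf < 6.10.1 trusted blindly. A cross-reference stream's /Size and an
# object stream's /N state how many entries follow, and pypdf iterated that many
# times even when the file could not hold them. Compare each declared count with
# a bound from the real file length. The per-entry minimums are screening
# assumptions, not pypdf constants.
MIN_BYTES_PER_XREF_ENTRY = 1    # /W [1 1 1] is the smallest legal field layout
MIN_BYTES_PER_OBJSTM_ENTRY = 4  # "n o " offset pair plus at least one object byte
_SIZE_RE = re.compile(rb"/Size\s+(\d+)")
_N_RE = re.compile(rb"/N\s+(\d+)")  # matches "/N 12", not "/Name"
_OBJSTM_RE = re.compile(rb"/ObjStm\b")
_WINDOW = 256  # bytes around /ObjStm in which its dictionary's /N should sit


def suspicious_counts(pdf_bytes: bytes) -> list[str]:
    """Return one finding per /Size or /N value too large for this file."""
    length = len(pdf_bytes)
    findings = []
    for m in _SIZE_RE.finditer(pdf_bytes):
        size = int(m.group(1))
        if size * MIN_BYTES_PER_XREF_ENTRY > length:
            findings.append(
                f"/Size {size} at offset {m.start()} exceeds file length {length}")
    for m in _OBJSTM_RE.finditer(pdf_bytes):
        lo, hi = max(0, m.start() - _WINDOW), m.end() + _WINDOW
        for n in _N_RE.finditer(pdf_bytes, lo, hi):
            count = int(n.group(1))
            if count * MIN_BYTES_PER_OBJSTM_ENTRY > length:
                findings.append(
                    f"/N {count} at offset {n.start()} exceeds file length {length}")
    return findings


# Constructed sample files: a tiny well-formed PDF and the same bytes with the
# two counts inflated the way the advisory describes.
BENIGN_PDF = (
    b"%PDF-1.5\n"
    b"1 0 obj << /Type /ObjStm /N 2 /First 8 /Length 20 >> stream\n"
    b"2 0 3 6 << >> << >>\nendstream endobj\n"
    b"4 0 obj << /Type /XRef /Size 5 /W [1 2 1] /Length 20 >> stream\n"
    b"\x00\x00\x00\x00\nendstream endobj\n"
    b"startxref\n9\n%%EOF\n"
)
OVERSIZED_PDF = (BENIGN_PDF.replace(b"/N 2 ", b"/N 2000000000 ")
                 .replace(b"/Size 5 ", b"/Size 4000000000 "))

if __name__ == "__main__":
    for label, data in (("benign", BENIGN_PDF), ("oversized", OVERSIZED_PDF)):
        print(label, suspicious_counts(data) or "ok")
```

The screen is a heuristic on raw bytes (it does not decode compressed object streams), so it should gate what an unpatched parser sees, not replace the upgrade.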
Affected (12 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ansible-automation-platform-25 | lightspeed-chatbot-rhel8 | — | — |
| lightspeed-core | rag-tool-rhel9 | — | — |
| openshift-lightspeed-tech-preview | lightspeed-rag-tool-rhel9 | — | — |
| openshift-lightspeed | lightspeed-ocp-rag-rhel9 | — | — |
| py-pdf | pypdf | < 6.10.1 | 6.10.1 |
| pypdf_project | pypdf | < 6.10.1 | 6.10.1 |
| quay | quay-rhel8 | — | — |
| quay | quay-rhel9 | — | — |
| rhelai3 | bootc-cuda-rhel9 | — | — |
| rhelai3 | bootc-rocm-rhel9 | — | — |
| rhelai3 | disk-image-cuda-rhel9 | — | — |
| rhoai | odh-llama-stack-core-rhel9 | — | — |
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| nvd | v4.0 | 6.9 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| vendor_redhat | — | 6.9 | MEDIUM | — |
Red Hat
pypdf: Denial of Service via crafted PDF with oversized streams
vendor_redhat · 2026-04-22 · CVSS 6.9 · MEDIUM · CWE-1284
A flaw was found in pypdf. An attacker can craft a malicious PDF file containing oversized cross-reference streams or object streams. Processing such a file can lead to excessively long runtimes, resulting in a Denial of Service (DoS) for applications using the pypdf library.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Package: lightspeed-core/rag-tool-rhel9 (Lightspeed Core) - Fix deferred
Package: openshift-lightspeed/lightspeed-ocp-rag-rhel9 (OpenShift Lightspeed) - Fix deferred
Package: openshift-lightspeed-tech
VulDB
py-pdf pypdf up to 6.10.0 Object Stream Size iteration (GHSA-jj6c-8h6c-hppx / Nessus ID 316727)
vuldb · 2026-05-26 · CVSS 6.9 · MEDIUM
A vulnerability marked as problematic has been reported in py-pdf pypdf up to 6.10.0. The impacted element is an unknown function of the component Object Stream Handler. The manipulation of the argument Size leads to excessive iteration.
This vulnerability is traded as CVE-2026-41168. It is possible to initiate the attack remotely. There is no exploit available.
It is suggested to upgrade the affected component.
No detection rules found.
No public exploits indexed.