Stirling-PDF vulnerabilities
3 known vulnerabilities affecting stirling/stirling_pdf.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 3
Vulnerabilities
CVE-2026-27625 | P3 | MEDIUM | CVSS 6.5 | CWE-22 | fixed in 2.5.2 | 2026-03-20
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user can write files outside the intended temporary working directory, leading to arbitrary file write with the
nvd
CVE-2026-33438 | P3 | MEDIUM | CVSS 6.5 | CWE-770 | ≥ 2.1.5, < 2.5.2 | 2026-03-26
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have a Denial of Service (DoS) vulnerability in the Stirling-PDF watermark functionality (`/api/v1/security/add-watermark` endpoint). The vulnerability allows authenticated users to cause resource e
nvd
CVE-2026-34071 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v2.7.3 | 2026-03-26
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized HTML from the email body with Content-Type: text/html. An attacker who sends a malicious email to a Stirling-PDF user can achieve JavaS
nvd