anonhaven
Ad

CVE-2026-27628

LOW CVSS 4.0: 1.2 EPSS 0.05%
Updated Feb 25, 2026
Pypdf_Project
Parameter Value
CVSS 1.2 (LOW)
Affected Versions before 6.7.2
Fixed In 6.7.2
Type CWE-835
Vendor Pypdf_Project
Public PoC No

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file.

This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
None
No privileges needed
User Interaction
Active
User action required

Impact Assessment

Confidentiality
None
No data leak
Integrity
None
No data modification
Availability
Low
Partial disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-835

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Pypdf_Project Pypdf
cpe:2.3:a:pypdf_project:pypdf:*:*:*:*:*:*:*:*
 6.7.2

References 3

https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f
security-advisories@github.com
https://github.com/py-pdf/pypdf/issues/3654
security-advisories@github.com
https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35
security-advisories@github.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-33123

Pypdf_Project

5.1

CVE-2026-31826

Python

6.8

CVE-2026-22691

Pypdf_Project

2.7

CVE-2026-22690

Pypdf_Project

2.7

CVE-2025-62708

Pypdf_Project

7.5