CVE-2026-3778

Name of the Vulnerable Software and Affected Versions Multiple / Unspecified Products (affected versions not specified)

Description The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep traversal can cause uncontrolled recursion, stack exhaustion, and application crashes.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.