PT-2026-2956 · Unknown · Sumatrapdf
Mariorl0 · Published 2026-01-14 · Updated 2026-01-15
CVE-2026-23512
CVSS v3.1: 8.6 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SumatraPDF versions 3.5.2 and earlier
Description
SumatraPDF is a multi-format reader for Windows. A flaw exists due to an Untrusted Search Path when the Advanced Options setting is triggered. The application executes notepad.exe without specifying an absolute path when using the Advanced Options setting. This allows execution of a malicious notepad.exe placed in the application's installation directory, potentially leading to arbitrary code execution.
Recommendations
Versions prior to 3.5.3 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
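The description above turns on search order, so here is an added example (not part of the advisory and not SumatraPDF code) that models the lookup and audits an install directory for executables shadowing system binaries. It assumes the launch follows the documented Windows CreateProcess order for a bare file name, where the application's own directory is searched first; the directory layout and all function names are constructed for illustration.

```python
import os
import tempfile

def resolve_bare_name(name, app_dir, cwd, system_dirs, path_dirs):
    """First match for a bare name, searching the application directory first
    (assumed CreateProcess-style order: app dir, cwd, system dirs, PATH)."""
    for d in [app_dir, cwd, *system_dirs, *path_dirs]:
        candidate = os.path.join(d, name)
        if os.path.isfile(candidate):
            return candidate
    return None

def resolve_trusted(name, system_dirs):
    """Hardened lookup: only trusted system directories, result is absolute."""
    for d in system_dirs:
        candidate = os.path.abspath(os.path.join(d, name))
        if os.path.isfile(candidate):
            return candidate
    return None

def find_shadowing(app_dir, system_dirs, exts=(".exe", ".com", ".bat", ".cmd")):
    """Executables in app_dir whose name collides with one in a system directory."""
    system_names = {n.lower() for d in system_dirs for n in os.listdir(d)}
    return sorted(n for n in os.listdir(app_dir)
                  if n.lower().endswith(exts) and n.lower() in system_names)

def build_demo(root):
    """Constructed layout (hypothetical paths): fake System32 plus an install dir."""
    system32 = os.path.join(root, "Windows", "System32")
    app_dir = os.path.join(root, "Apps", "SumatraPDF")
    for d in (system32, app_dir):
        os.makedirs(d)
    for path in (os.path.join(system32, "notepad.exe"),
                 os.path.join(app_dir, "SumatraPDF.exe"),
                 os.path.join(app_dir, "notepad.exe")):  # the shadowing copy
        open(path, "wb").close()
    return app_dir, system32

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        app_dir, system32 = build_demo(root)
        print("bare name ->", resolve_bare_name("notepad.exe", app_dir, root, [system32], []))
        print("hardened  ->", resolve_trusted("notepad.exe", [system32]))
        print("shadowing ->", find_shadowing(app_dir, [system32]))
```

On a real host, point `find_shadowing` at the actual install directory and the Windows system directories; any hit is a file that a bare-name launch would pick up ahead of the system copy.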
Exploit
Untrusted Search Path
Weakness Enumeration
Related Identifiers
Affected Products
Sumatrapdf