PT-2026-50449 · Undefined · Undefined

Published

2026-06-17

Updated

2026-06-17

CVE-2025-26240

CVSS v3.1

8.4

High

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In JazzCore python-pdfkit 1.0.0, the from string method enables the execution of JavaScript code within the context of the server application and the exfiltration of local files.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

CVE-2025-26240

Affected Products

Undefined

PT-2026-50449 · Undefined · Undefined

CVE-2025-26240

Weakness Enumeration

Related Identifiers

Affected Products

References · 2