CVE-2026-41580
EUVD-2026-4469115.07.2026, 16:16
Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. Prior to 2.0.0, Stirling-PDF's /get-info-on-pdf endpoint rendered PDF Title and Author metadata fields without proper HTML encoding or sanitization, allowing a crafted PDF to execute attacker-controlled JavaScript in the browser of a user who views the resulting page. This issue is fixed in version 2.0.0.
Awaiting analysis
This vulnerability is currently awaiting analysis.