CVE-2026-48156
ADVISORY - githubSummary
Impact
An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W [0 0 0] values and large /Size values.
Patches
This has been fixed in pypdf==6.12.0.
Workarounds
If developers are unable to upgrade their apps immediately, they should consider applying the changes from PR #3791.
EPSS Score: 0.00124 (0.025)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Excessive Iteration
ADVISORY - github
Excessive Iteration
NIST
CREATED
UPDATED
ADVISORY IDCVE-2026-48156
EXPLOITABILITY SCORE
1.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
5.1mediumGitHub
CREATED
UPDATED
ADVISORY IDGHSA-248m-82v9-q6g6
EXPLOITABILITY SCORE
1.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
5.1mediumDebian
CREATED
UPDATED
ADVISORY IDCVE-2026-48156
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2026-48156
EXPLOITABILITY SCORE
1.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
3.3mediumChainguard
CREATED
UPDATED
ADVISORY ID
CGA-x6mr-xmmc-rx34
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-5hv5-9w6g-x6w8
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-c5gj-p2gw-3r85
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-fjwm-rvhc-7mmg
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-rp34-9xjp-cx48
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-x695-p472-c424
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-