CVE-2026-48735
ADVISORY - githubSummary
Impact
An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements.
Patches
This has been fixed in pypdf==6.12.1.
Workarounds
If you cannot upgrade yet, consider applying the changes from PR #3796.
EPSS Score: 0.0013 (0.030)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Allocation of Resources Without Limits or Throttling
ADVISORY - github
Allocation of Resources Without Limits or Throttling
NIST
CREATED
UPDATED
ADVISORY IDCVE-2026-48735
EXPLOITABILITY SCORE
1.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6.9mediumGitHub
CREATED
UPDATED
ADVISORY IDGHSA-wjqc-6w8f-h24c
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6.9mediumDebian
CREATED
UPDATED
ADVISORY IDCVE-2026-48735
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2026-48735
EXPLOITABILITY SCORE
1.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
5.5mediumminimos
CREATED
UPDATED
ADVISORY ID
MINI-g9cx-qpp7-hph9
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-h4fq-f8w7-63c8
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-j66g-c5wj-j9h6
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-jmfp-mw69-fwx6
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-vhmh-26x8-5m45
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-