CVE-2026-25880

High CVSS: 7.8

SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary (explorer.exe) located in the same directory as the opened PDF when the user clicks File → “Show in folder”. This behavior leads to arbitrary code execution on the victim’s system with the privileges of the current user, without any warning or user interaction beyond the menu click.

Vendor

Sumatrapdfreader

Product

Sumatrapdf

CWE

CWE-426

Yayın Tarihi

2026-02-09 22:16:03

Güncelleme

2026-02-23 18:14:13

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-426 Sumatrapdf HIGH Sumatrapdfreader 2026

Referanslar

https://github.com/sumatrapdfreader/sumatrapdf/security/advisories/GHSA-5x4h-247q-px37

Benzer Kayıtlar

Medium

CVE-2026-25920

SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, a heap out-of-bounds read vulnerability exists in…

High

CVE-2026-25961

SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS host…

Medium

CVE-2026-23951

SumatraPDF is a multi-format reader for Windows. All versions contain an off-by-one error in the validation code that on…

High

CVE-2026-23512

SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is a Untrusted Search Path vulnerability wh…

High

CVE-2025-57248

A null pointer dereference vulnerability was discovered in SumatraPDF 3.5.2 during the processing of a crafted .djvu fil…