{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25755", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-05T18:35:52.357Z", "datePublished": "2026-02-19T14:41:46.941Z", "dateUpdated": "2026-02-19T17:36:10.677Z"}, "containers": {"cna": {"title": "jsPDF has PDF Object Injection via Unsanitized Input in addJS Method", "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "lang": "en", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-116", "lang": "en", "description": "CWE-116: Improper Encoding or Escaping of Output", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-9vjf-qc39-jprp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-9vjf-qc39-jprp"}, {"name": "https://github.com/parallax/jsPDF/commit/56b46d45b052346f5995b005a34af5dcdddd5437", "tags": ["x_refsource_MISC"], "url": "https://github.com/parallax/jsPDF/commit/56b46d45b052346f5995b005a34af5dcdddd5437"}, {"name": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.md", "tags": ["x_refsource_MISC"], "url": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.md"}, {"name": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0"}], "affected": [{"vendor": "parallax", "product": "jsPDF", "versions": [{"version": "< 4.2.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-19T15:26:05.745Z"}, "descriptions": [{"lang": "en", "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the `addJS` method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious actions or alter the document structure, impacting any user who opens the generated PDF. The vulnerability has been fixed in jspdf@4.2.0. As a workaround, escape parentheses in user-provided JavaScript code before passing them to the `addJS` method."}], "source": {"advisory": "GHSA-9vjf-qc39-jprp", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-19T17:07:08.992065Z", "id": "CVE-2026-25755", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-19T17:36:10.677Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25755", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-19T17:07:08.992065Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-19T17:07:10.704Z"}}], "cna": {"title": "jsPDF has PDF Object Injection via Unsanitized Input in addJS Method", "source": {"advisory": "GHSA-9vjf-qc39-jprp", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "parallax", "product": "jsPDF", "versions": [{"status": "affected", "version": "< 4.2.0"}]}], "references": [{"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-9vjf-qc39-jprp", "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-9vjf-qc39-jprp", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/parallax/jsPDF/commit/56b46d45b052346f5995b005a34af5dcdddd5437", "name": "https://github.com/parallax/jsPDF/commit/56b46d45b052346f5995b005a34af5dcdddd5437", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.md", "name": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.md", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0", "name": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the `addJS` method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious actions or alter the document structure, impacting any user who opens the generated PDF. The vulnerability has been fixed in jspdf@4.2.0. As a workaround, escape parentheses in user-provided JavaScript code before passing them to the `addJS` method."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-116", "description": "CWE-116: Improper Encoding or Escaping of Output"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-19T15:26:05.745Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25755", "state": "PUBLISHED", "dateUpdated": "2026-02-19T17:36:10.677Z", "dateReserved": "2026-02-05T18:35:52.357Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-19T14:41:46.941Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the `addJS` method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious actions or alter the document structure, impacting any user who opens the generated PDF. The vulnerability has been fixed in jspdf@4.2.0. As a workaround, escape parentheses in user-provided JavaScript code before passing them to the `addJS` method."}], "id": "CVE-2026-25755", "lastModified": "2026-02-19T15:52:39.260", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-19T15:16:12.303", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.md"}, {"source": "security-advisories@github.com", "url": "https://github.com/parallax/jsPDF/commit/56b46d45b052346f5995b005a34af5dcdddd5437"}, {"source": "security-advisories@github.com", "url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0"}, {"source": "security-advisories@github.com", "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-9vjf-qc39-jprp"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}, {"lang": "en", "value": "CWE-116"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "jsPDF: PDF object injection via unsanitized input in addJS method", "id": "2440993", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440993"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-94", "details": ["A flaw was found in jsPDF. The addJS method accepts user input without proper sanitization, allowing an attacker to inject arbitrary PDF objects into the document. A specially crafted payload that escapes the JavaScript string delimiter can execute malicious actions or alter the document structure, resulting in arbitrary code execution when a user opens a PDF with a viewer that supports embedded scripts."], "mitigation": {"lang": "en:us", "value": "To mitigate this vulnerability, sanitize the user-provided JavaScript code before passing it to the addJS method by strictly escaping backslashes and parentheses."}, "name": "CVE-2026-25755", "package_state": [{"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Affected", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}], "public_date": "2026-02-19T14:41:46Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-25755\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-25755\nhttps://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.md\nhttps://github.com/parallax/jsPDF/commit/56b46d45b052346f5995b005a34af5dcdddd5437\nhttps://github.com/parallax/jsPDF/releases/tag/v4.2.0\nhttps://github.com/parallax/jsPDF/security/advisories/GHSA-9vjf-qc39-jprp"], "statement": "To exploit this flaw, an attacker must be able to supply a specially crafted payload to the application using the addJS method and convince a user to open the generated PDF document with a viewer that supports embedded scripts. Due to these reasons, this vulnerability has been rated with an important severity.", "threat_severity": "Important"}

{}