CVE-2026-41313 — Vulnetix

CVE-2026-41313 PUBLISHED CVSS 4.800000190734863 MEDIUM

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer `/Size` value in incremental mode. This has been fixed in pypdf 6.10.2. As a workaround, one may apply the changes from the patch manually.

EPSS 0.03% · 7.5th percentile

Risk Scores

CVSS v4.0

4.800000190734863

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS Score

0.03%

7.5th percentile

Affected Products

Vendor	Product	Versions
py-pdf	pypdf	< 6.10.2

Timeline

Apr 16, 2026 CVE Published
Apr 23, 2026 Security Advisory
Apr 23, 2026 CVE Updated
May 18, 2026 EPSS Score
May 19, 2026 EPSS Score
May 20, 2026 EPSS Score
May 21, 2026 EPSS Score
May 22, 2026 EPSS Score
May 23, 2026 EPSS Score
May 24, 2026 EPSS Score
May 25, 2026 EPSS Score
May 26, 2026 EPSS Score

References

https://github.com/py-pdf/pypdf/security/advisories/GHSA-4pxv-j86v-mhcw url
https://github.com/py-pdf/pypdf/pull/3735 url
https://github.com/py-pdf/pypdf/commit/c50a0104cf083356f7c7f5d61410466a57f5c88a url
https://github.com/py-pdf/pypdf/releases/tag/6.10.2 url

Open in Interactive Console →