CVE-2026-23907

{"id": "CVE-2026-23907", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2026-03-10T18:18:16.960", "references": [{"url": "https://github.com/JoakimBulow/", "tags": ["Not Applicable"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/gyfq5tcrxfv7rx0z2yyx4hb3h53ndffw", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2026/03/10/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "This issue affects the \nExtractEmbeddedFiles example in\u00a0Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6.\n\n\nThe ExtractEmbeddedFiles example contains a path traversal vulnerability (CWE-22) because \nthe filename that is obtained from \nPDComplexFileSpecification.getFilename() is appended to the extraction path.\n\nUsers who have copied this example into their production code should \nreview it to ensure that the extraction path is acceptable. The example \nhas been changed accordingly, now the initial path and the extraction \npaths are converted into canonical paths and it is verified that \nextraction path contains the initial path. The documentation has also \nbeen adjusted."}, {"lang": "es", "value": "Este problema afecta al ejemplo ExtractEmbeddedFiles en Apache PDFBox: desde 2.0.24 hasta 2.0.35, desde 3.0.0 hasta 3.0.6.\n\nEl ejemplo ExtractEmbeddedFiles contiene una vulnerabilidad de salto de ruta (CWE-22) porque el nombre de archivo que se obtiene de PDComplexFileSpecification.getFilename() se a\u00f1ade a la ruta de extracci\u00f3n.\n\nLos usuarios que han copiado este ejemplo en su c\u00f3digo de producci\u00f3n deber\u00edan revisarlo para asegurarse de que la ruta de extracci\u00f3n es aceptable. El ejemplo ha sido modificado en consecuencia, ahora la ruta inicial y las rutas de extracci\u00f3n se convierten en rutas can\u00f3nicas y se verifica que la ruta de extracci\u00f3n contiene la ruta inicial. La documentaci\u00f3n tambi\u00e9n ha sido ajustada."}], "lastModified": "2026-03-13T16:45:28.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:pdfbox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C68269E-0203-4CC0-A46A-79EE0707D72B", "versionEndIncluding": "2.0.35", "versionStartIncluding": "2.0.24"}, {"criteria": "cpe:2.3:a:apache:pdfbox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C8FF3B3-3A97-4F50-BCDE-8EEA175F4C61", "versionEndIncluding": "3.0.7", "versionStartIncluding": "3.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}