CVE-2026-24043— jsPDF Affected by Stored XMP Metadata Injection (Spoofing & Integrity Violation)
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-24043
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
jsPDF Affected by Stored XMP Metadata Injection (Spoofing & Integrity Violation)
Source: NVD (National Vulnerability Database)
Vulnerability Description
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the generated PDF. If the generated PDF is signed, stored or otherwise processed after, the integrity of the PDF can no longer be guaranteed. The vulnerability has been fixed in jsPDF@4.1.0.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
jsPDF 注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
jsPDF是Parallax开源的一款基于JavaScript的PDF文档生成库。 jsPDF 4.1.0之前版本存在注入漏洞,该漏洞源于addMetadata函数的第一个参数允许用户注入任意XML,可能破坏PDF完整性。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-24043
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-24043
请登录查看更多情报信息。
Same Patch Batch · parallax · 2026-02-02 · 4 CVEs total
| CVE-2026-24737 | 8.1 HIGH | jsPDF has a PDF Injection in AcroFormChoiceField which allows Arbitrary JavaScript Executi |
| CVE-2026-24040 | jsPDF has a Shared State Race Condition in addJS Plugin | |
| CVE-2026-24133 | jsPDF Affected by Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder |
IV. Related Vulnerabilities
Same product: jsPDF
- CVE-2026-31938
jsPDF has HTML Injection in New Window paths - CVE-2026-31898
jsPDF has a PDF Object Injection via FreeText color - CVE-2026-25940
jsPDF's PDF Injection in AcroForm module allows Arbitrary Ja - CVE-2026-25755
jsPDF has PDF Object Injection via Unsanitized Input in addJ - CVE-2026-25535
jsPDF Affected by Client-Side/Server-Side Denial of Service
Same vendor: parallax
- CVE-2026-31938
jsPDF has HTML Injection in New Window paths - CVE-2026-31898
jsPDF has a PDF Object Injection via FreeText color - CVE-2026-25940
jsPDF's PDF Injection in AcroForm module allows Arbitrary Ja - CVE-2026-25755
jsPDF has PDF Object Injection via Unsanitized Input in addJ - CVE-2026-25535
jsPDF Affected by Client-Side/Server-Side Denial of Service
Same weakness: CWE-74
- CVE-2025-67486
Dolibarr has an Authenticated Remote Code Execution via eval - CVE-2026-26164
M365 Copilot Information Disclosure Vulnerability - CVE-2026-7045
baomidou dynamic-datasource StandardEvaluationContext/SpelEx - CVE-2026-6994
Envoy Query Parameter header_mutation.cc params.add injectio - CVE-2026-41319
MailKit has STARTTLS Response Injection via unflushed stream
V. Comments for CVE-2026-24043
No comments yet