CVE-2026-31898— jsPDF has a PDF Object Injection via FreeText color
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-31898
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
jsPDF has a PDF Object Injection via FreeText color
Source: NVD (National Vulnerability Database)
Vulnerability Description
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the `createAnnotation` method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following method, a user can inject arbitrary PDF objects, such as JavaScript actions, which might trigger when the PDF is opened or interacted with the `createAnnotation`: `color` parameter. The vulnerability has been fixed in jsPDF@4.2.1. As a workaround, sanitize user input before passing it to the vulnerable API members.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
对输出编码和转义不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
jsPDF 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
jsPDF是Parallax开源的一款基于JavaScript的PDF文档生成库。 jsPDF 4.2.1之前版本存在安全漏洞,该漏洞源于用户控制createAnnotation方法的参数可能允许注入任意PDF对象,例如JavaScript操作,可能导致安全问题。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-31898
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-31898
请登录查看更多情报信息。
- Release v4.2.1 · parallax/jsPDF · GitHubx_refsource_MISC
- Merge commit from fork · parallax/jsPDF@4155c48 · GitHubx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2026-31898
IV. Related Vulnerabilities
Same product: jsPDF
- CVE-2026-31938
jsPDF has HTML Injection in New Window paths - CVE-2026-25940
jsPDF's PDF Injection in AcroForm module allows Arbitrary Ja - CVE-2026-25755
jsPDF has PDF Object Injection via Unsanitized Input in addJ - CVE-2026-25535
jsPDF Affected by Client-Side/Server-Side Denial of Service - CVE-2026-24040
jsPDF has a Shared State Race Condition in addJS Plugin
Same vendor: parallax
- CVE-2026-31938
jsPDF has HTML Injection in New Window paths - CVE-2026-25940
jsPDF's PDF Injection in AcroForm module allows Arbitrary Ja - CVE-2026-25755
jsPDF has PDF Object Injection via Unsanitized Input in addJ - CVE-2026-25535
jsPDF Affected by Client-Side/Server-Side Denial of Service - CVE-2026-24040
jsPDF has a Shared State Race Condition in addJS Plugin
Same weakness: CWE-116
- CVE-2026-42810
Apache Polaris: could broaden vended S3 credentials through - CVE-2026-42040
Axios: Null Byte Injection via Reverse-Encoding in AxiosURLS - CVE-2026-40567
FreeScout has HTML Injection in Outgoing Emails via Unsaniti - CVE-2026-6058
Zyxel WRE6505 安全漏洞 - CVE-2026-20136
Cisco Identity Services Engine Authenticated Privilege Escal
V. Comments for CVE-2026-31898
No comments yet