CVE-2026-23907

🗓️ 10 Mar 2026 09:43:40Reported by apacheType

CVE-2026-23907: PDFBox ExtractEmbeddedFiles path traversal fixed by canonical and validated paths.

Reporter	Title	Published	Views	Family All 22
ATTACKERKB	CVE-2026-33929	14 Apr 202608:09	–	attackerkb
ATTACKERKB	CVE-2026-23907	10 Mar 202609:43	–	attackerkb
CNNVD	Apache PDFBox 路径遍历漏洞	10 Mar 202600:00	–	cnnvd
Cvelist	CVE-2026-23907 Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code	10 Mar 202609:43	–	cvelist
Debian CVE	CVE-2026-23907	10 Mar 202609:43	–	debiancve
EUVD	EUVD-2026-10480	10 Mar 202618:31	–	euvd
EUVD	EUVD-2026-10481	10 Mar 202618:31	–	euvd
EUVD	EUVD-2026-22229	14 Apr 202608:09	–	euvd
Github Security Blog	Apache PDFBox has Path Traversal through PDComplexFileSpecification.getFilename() function	10 Mar 202618:31	–	github
NVD	CVE-2026-23907	10 Mar 202618:18	–	nvd

NVD

Vulners

Node

apache pdfboxRange2.0.24–2.0.35

apache pdfboxRange3.0.0–3.0.7

[
  {
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected",
    "packageName": "org.apache.pdfbox:pdfbox-examples",
    "product": "Apache PDFBox Examples",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "2.0.35",
        "status": "affected",
        "version": "2.0.24",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "3.0.6",
        "status": "affected",
        "version": "3.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
github	www.github.com/JoakimBulow/
lists	www.lists.apache.org/thread/gyfq5tcrxfv7rx0z2yyx4hb3h53ndffw
openwall	www.openwall.com/lists/oss-security/2026/03/10/1

13 Mar 2026 16:45Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.15.3

EPSS0.00047

SSVC

CWE-22