CVE-2026-23907 Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code

🗓️ 10 Mar 2026 09:43:40Reported by apacheType

PDFBox ExtractEmbeddedFiles example had a path traversal flaw; now canonical path checks validate extraction.

Reporter	Title	Published	Views	Family All 22
ATTACKERKB	CVE-2026-33929	14 Apr 202608:09	–	attackerkb
ATTACKERKB	CVE-2026-23907	10 Mar 202609:43	–	attackerkb
CNNVD	Apache PDFBox 路径遍历漏洞	10 Mar 202600:00	–	cnnvd
CVE	CVE-2026-23907	10 Mar 202609:43	–	cve
Debian CVE	CVE-2026-23907	10 Mar 202609:43	–	debiancve
EUVD	EUVD-2026-10480	10 Mar 202618:31	–	euvd
EUVD	EUVD-2026-10481	10 Mar 202618:31	–	euvd
EUVD	EUVD-2026-22229	14 Apr 202608:09	–	euvd
Github Security Blog	Apache PDFBox has Path Traversal through PDComplexFileSpecification.getFilename() function	10 Mar 202618:31	–	github
NVD	CVE-2026-23907	10 Mar 202618:18	–	nvd

[
  {
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected",
    "packageName": "org.apache.pdfbox:pdfbox-examples",
    "product": "Apache PDFBox Examples",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "2.0.35",
        "status": "affected",
        "version": "2.0.24",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "3.0.6",
        "status": "affected",
        "version": "3.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
github	www.github.com/JoakimBulow/
lists	www.lists.apache.org/thread/gyfq5tcrxfv7rx0z2yyx4hb3h53ndffw

10 Mar 2026 17:04Current

EPSS0.00047

CWE-22