EUVD-2026-22229

🗓️ 14 Apr 2026 08:09:39Reported by EUVDType

Path traversal in PDFBox ExtractEmbeddedFiles enables arbitrary path writes; fix in 2.0.37/3.0.8, apply PR 427.

Reporter	Title	Published	Views	Family All 48
IBM Security Bulletins	Security Bulletin: There is a vulnerability in pdfbox-2.0.28.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-33929)	29 May 202608:58	–	ibm
IBM Security Bulletins	Security Bulletin: There is a vulnerability in pdfbox-2.0.28.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-33929)	29 May 202608:57	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for May 2026	29 May 202610:53	–	ibm
ATTACKERKB	CVE-2026-33929	14 Apr 202608:09	–	attackerkb
ATTACKERKB	CVE-2026-23907	10 Mar 202609:43	–	attackerkb
Circl	CVE-2026-33929	14 Apr 202603:05	–	circl
CNNVD	Apache PDFBox 路径遍历漏洞	10 Mar 202600:00	–	cnnvd
CNNVD	Apache PDFBox 安全漏洞	14 Apr 202600:00	–	cnnvd
CVE	CVE-2026-23907	10 Mar 202609:43	–	cve
CVE	CVE-2026-33929	14 Apr 202608:09	–	cve

[
  {
    "enisaIdVendor": [
      {
        "id": "390309e2-478b-3b76-b064-56efdf727ce0",
        "vendor": {
          "name": "Apache Software Foundation"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "9c241727-46ec-34bc-85a4-b898e8f53026",
        "product": {
          "name": "Apache PDFBox Examples"
        },
        "product_version": "2.0.24 ≤2.0.36"
      },
      {
        "id": "defb7ccf-face-30ed-aad9-f9b5f6a685be",
        "product": {
          "name": "Apache PDFBox Examples"
        },
        "product_version": "3.0.0 ≤3.0.7"
      }
    ]
  }
]

Source	Link
github	www.github.com/apache/pdfbox/pull/427/changes
lists	www.lists.apache.org/thread/op3lyx1ngzy4qycn06l6hljyf28ff0zs
lists	www.lists.apache.org/thread/j8l07tgzy9dm8d8n0f3c45h7zg7t3ld6

14 Apr 2026 08:09Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.15.3

EPSS0.00259

SSVC