CVE-2026-26801

Server-Side Request Forgery SSRF vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6 which introduces the setUrlAccessPolicy method allowing server operato...

pdfmake 安全漏洞

pdfmake is a pure JavaScript server-side and client-side PDF document generation library developed by Bartek Pampuch. There were security vulnerabilities in the version 0.3.0-beta.2 to 0.3.5 of pdfmake, which stemmed from the src/URLResolver.js component’s server-side request forgery vulnerabilit...