CVE-2026-25940
CVE-2026-25940 affects jsPDF prior to version 4.2.0, where user control of AcroForm module properties/methods lets an attacker inject arbitrary PDF objects (e.g., JavaScript actions). This could trigger code execution or malicious behavior when a PDF is opened or hovered, depending on the viewer....