Exploit for CVE-2026-26801

pdfmake SSRF Vulnerability PoC Vulnerability Summary | Fi...

CVE-2026-26801

Server-Side Request Forgery SSRF vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6 which introduces the setUrlAccessPolicy method allowing server operato...

@apxc/node-red-contrib-apxc-pdfmake (>=0.0.1 <=0.0.2), @aryanbv/pdf-toolkit-mcp (>=0.2.0 <=0.2.4) +40 more potentially affected by CVE-2026-26801 via pdfmake (>=0.3.0-beta.2 <=0.3.8)

pdfmake NPM version =0.3.0-beta.2, =0.0.1, =0.2.0, =2.6.0, =0.0.1, =1.0.14, =3.7.4, =262.1002.0-beta.2, =262.1002.0-beta.4, =262.1002.0-beta.3, =1.2.0, =0.1.0, =1.0.0, =2.0.2, =6.0.0 - @prt-ts/pdf-json-helpers =5.0.0 and more Source cves: CVE-2026-26801 Source advisory: SNYK:JS-PDFMAKE-15467449...

@ind-rcg/generator (>=262.1002.0-beta.2 <=264.1004.0-beta.1), @ind-rcg/modeler-sfdx-cli-plugin (>=262.1002.0-beta.4 <=264.1004.0-beta.4) +2 more potentially affected by CVE-2026-26801 via pdfmake (>=0.3.0-beta.2 <=0.3.2)

pdfmake NPM version =0.3.0-beta.2, =262.1002.0-beta.2, =262.1002.0-beta.4, =262.1002.0-beta.3, =1.0.0, =2.2.0 Source cves: CVE-2026-26801 Source advisory: OSV:GHSA-WP52-R2FP-4VMR...

pdfmake is vulnerable to server-side request forgery (SSRF)

Server-Side Request Forgery SSRF vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6 which introduces the setUrlAccessPolicy method allowing server operato...

Security Bulletin: Astronomer with IBM is vulnerable to resource allocation abuse due to the pdfmake package (CVE-2025-11362)

Summary Pdfmake is used by Astronomer with IBM as part of document processing functionality. Vulnerability Details CVEID:CVE-2025-11362 DESCRIPTION: Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirect...

EUVD-2025-32603

Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirect URL in file embedding. An attacker can cause the application to crash or become unresponsive by providing crafted input that triggers this condition...

GHSA-RJ3R-R7HH-JXFQ pdfmake is vulnerable to Throttling via repeatedly redirecting URL in file embedding

Versions of the package pdfmake from 0.3.0-beta.1 to before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirect URL in file embedding. An attacker can cause the application to crash or become unresponsive by providing crafted input that...

CVE-2025-11362

Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirect URL in file embedding. An attacker can cause the application to crash or become unresponsive by providing crafted input that triggers this condition...

pdfmake 安全漏洞

pdfmake is a pure JavaScript server-side and client-side PDF document generation library from the individual developer Bartek Pampuch. A security vulnerability exists in pdfmake versions prior to 0.3.0-beta.17, which stems from duplicate redirect URLs in file embedding leading to an unlimited...

CVE-2024-25180

An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. NOTE: this is disputed because the behavior of the /pdf endpoint is intentional. The /pdf endpoint is only available after installing a test framework that lives outsi...

Allocation of Resources Without Limits or Throttling

Overview pdfmake is a Client/server side PDF printing in pure JavaScript Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirect URL in file embedding. An attacker can cause the application to crash or become unresponsive by...

Exploit for Code Injection in Pdfmake_Project Pdfmake

CVE-2024-25180 Overview pdfmake is a pure JavaScript clien...

PT-2024-20802 · Pdfmake · Pdfmake

Name of the Vulnerable Software and Affected Versions: pdfmake version 0.2.9 Description: An issue in pdfmake allows remote attackers to run arbitrary code via a crafted POST request to the /pdf endpoint. Note that the behavior of the /pdf endpoint is intentional and only available after installi...