6 matches found
CVE-2026-25961
SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS hostname verification INTERNETFLAGIGNORECERTCNINVALID and executes installers without signature checks. A network attacker with any valid TLS certificate e.g., Let's Encrypt can...
CVE-2026-25961 SumatraPDF Update MITM -> Arbitrary Code Execution
SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS hostname verification INTERNETFLAGIGNORECERTCNINVALID and executes installers without signature checks. A network attacker with any valid TLS certificate e.g., Let's Encrypt can...
CVE-2026-25961 SumatraPDF Update MITM -> Arbitrary Code Execution
SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS hostname verification INTERNETFLAGIGNORECERTCNINVALID and executes installers without signature checks. A network attacker with any valid TLS certificate e.g., Let's Encrypt can...
CVE-2026-25961
CVE-2026-25961 affects SumatraPDF
PT-2026-7172
Name of the Vulnerable Software and Affected Versions SumatraPDF versions 3.5.0 through 3.5.2 Description SumatraPDF’s update process has a flaw where TLS hostname verification is disabled INTERNET FLAG IGNORE CERT CN INVALID and installers are executed without signature verification. This allows...
CVE-2024-23460
The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS 4.2...