CVE-2026-40260 Unknown

SUSE | Released: April 18, 2026 | Updated: April 18, 2026 | Restart Required

Description

CVE-2026-40260: pypdf is a free and open-source pure-Python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has been fixed in version 6.10.0.

The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

Fixed Vulnerabilities 1

CVE-2026-40260 | N/A | 0.0 | ⚠️ KEV | fixed | Apr 17, 2026

Quick Info

Patch ID: CVE-2026-40260
Vendor: SUSE
Severity: Unknown
CVEs Fixed: 1
Restart: Required

Additional Info

advisory id: CVE-2026-40260
advisory type: Security Update
cvrf filename: cvrf-CVE-2026-40260.xml