2441016 – (CVE-2026-25940) CVE-2026-25940 jsPDF: PDF injection in AcroForm module allows arbitrary JavaScript execution (RadioButton children)

Bug 2441016 (CVE-2026-25940) - CVE-2026-25940 jsPDF: PDF injection in AcroForm module allows arbitrary JavaScript execution (RadioButton children)

Summary: CVE-2026-25940 jsPDF: PDF injection in AcroForm module allows arbitrary JavaS...

Keywords:
Status:	NEW
Alias:	CVE-2026-25940
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-02-19 16:04 UTC by OSIDB Bzimport
Modified:	2026-02-19 21:26 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-02-19 16:04:29 UTC

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following property, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim hovers over the radio option. The vulnerability has been fixed in jsPDF.0. As a workaround, sanitize user input before passing it to the vulnerable API members.

Note You need to log in before you can comment on or make changes to this bug.