Platform: other
Component: stirling-pdf
Fixed in: 2.5.3
CVE-2026-27625 is a Path Traversal vulnerability discovered in Stirling-PDF, a locally hosted web application for PDF manipulation. This flaw allows authenticated users to write files outside the intended temporary directory, potentially leading to data compromise and system instability. The vulnerability affects versions of Stirling-PDF prior to 2.5.2, and a patch is available in version 2.5.2.
The core of this vulnerability lies in the /api/v1/convert/markdown/pdf endpoint, which fails to properly validate user-supplied ZIP entries. An attacker can craft a malicious ZIP archive containing path traversal sequences (e.g., ../../../../etc/passwd) to overwrite files on the server. The impact is directly tied to the permissions of the stirlingpdfuser process. If writable files of high privilege exist, an attacker could potentially escalate privileges or gain unauthorized access to sensitive data. This vulnerability shares similarities with other path traversal exploits, where attackers leverage insufficient input validation to manipulate file system paths.
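The defect described above, as an added example that is not Stirling-PDF's own code (the project is written in Java): the canonical-path check a ZIP extractor needs before joining an entry name to its destination directory, run against a constructed archive that carries one legitimate markdown file and one traversal entry.

```python
import io
import tempfile
import zipfile
from pathlib import Path


def is_safe_entry(dest_dir: str, entry_name: str) -> bool:
    """True only if entry_name, joined to dest_dir, still resolves inside dest_dir."""
    if not entry_name or entry_name.startswith(("/", "\\")):
        return False
    dest = Path(dest_dir).resolve()
    # resolve() canonicalises '..' and symlinked segments, so 'a/../../x' is caught too.
    target = (dest / entry_name).resolve()
    return target == dest or dest in target.parents


def safe_extract(zip_bytes: bytes, dest_dir: str) -> list:
    """Write only entries that stay inside dest_dir; return the rejected entry names."""
    # The vulnerable pattern is this same loop without the is_safe_entry() guard:
    # joining dest_dir and info.filename simply follows '../' out of dest_dir.
    rejected = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not is_safe_entry(dest_dir, info.filename):
                rejected.append(info.filename)
                continue
            target = Path(dest_dir) / info.filename
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
    return rejected


def build_sample_zip() -> bytes:
    """Constructed test archive: one legitimate markdown file plus one traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("doc.md", "# hello\n")
        zf.writestr("../../../../tmp/zipslip-marker", "owned\n")
    return buf.getvalue()


def demo() -> dict:
    """Extract the sample archive into a fresh temp directory and report the outcome."""
    with tempfile.TemporaryDirectory() as d:
        rejected = safe_extract(build_sample_zip(), d)
        written = sorted(p.name for p in Path(d).iterdir())
    return {"rejected": rejected, "written": written}
```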
CVE-2026-27625 was publicly disclosed on 2026-03-20. No public proof-of-concept exploits are currently known. The EPSS score is pending evaluation. This vulnerability is not currently listed on the CISA KEV catalog.
Organizations utilizing Stirling-PDF for internal document processing, particularly those with shared hosting environments or legacy configurations where file permissions are not strictly enforced, are at increased risk. Environments where the stirlingpdfuser account has excessive privileges are also particularly vulnerable.
• linux / server: Monitor the stirlingpdfuser process for unexpected file creation or modification using lsof or inotify. Examine system logs for suspicious file access patterns.
lsof -u stirlingpdfuser | grep -i '/tmp/'
• generic web: Monitor access logs for requests to /api/v1/convert/markdown/pdf containing unusual characters or path traversal sequences in the zip parameter. Note that the archive travels in the request body, so a standard access log records only the request line and status; the grep below catches traversal sequences only where they appear in that logged line.
grep -F '../../' /var/log/apache2/access.log
(-F matches the literal string; without it each '.' in the pattern matches any character.)
EPSS: 0.06% (18th percentile)
The primary mitigation for CVE-2026-27625 is to immediately upgrade Stirling-PDF to version 2.5.2 or later. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) rule to block requests containing suspicious path traversal patterns in the ZIP archive filename. Additionally, restrict the permissions of the stirlingpdfuser process to the absolute minimum required for its operation. Regularly review and audit the temporary directory used by Stirling-PDF to ensure it is not accessible from outside the application's intended scope. After upgrading, confirm the fix by submitting a test ZIP archive whose entry names contain path traversal sequences and verifying that nothing is written outside the temporary directory.
Update Stirling-PDF to version 2.5.2 or later. This version fixes the arbitrary file write vulnerability by properly validating the paths of files extracted from ZIP archives.
CVE-2026-27625 is a Path Traversal vulnerability affecting Stirling-PDF versions prior to 2.5.2. It allows authenticated users to write files outside the intended directory, potentially compromising data integrity.
You are affected if you are using Stirling-PDF version 2.5.2 or earlier. Immediately upgrade to 2.5.2 to mitigate the risk.
The recommended fix is to upgrade Stirling-PDF to version 2.5.2 or later. As a temporary workaround, restrict file permissions and implement WAF rules to block malicious requests.
While no public exploits are currently known, the vulnerability's ease of exploitation makes it a potential target. Proactive patching is highly recommended.
Refer to the Stirling-PDF project's official website or security mailing list for the latest advisory and release notes regarding CVE-2026-27625.