What is CVE-2026-27625 — Path Traversal in Stirling-PDF?

CVE-2026-27625 is a Path Traversal vulnerability affecting Stirling-PDF versions prior to 2.5.2. It allows authenticated users to write files outside the intended directory, potentially compromising data integrity.

Am I affected by CVE-2026-27625 in Stirling-PDF?

You are affected if you are using Stirling-PDF version 2.5.2 or earlier. Immediately upgrade to 2.5.2 to mitigate the risk.

How do I fix CVE-2026-27625 in Stirling-PDF?

The recommended fix is to upgrade Stirling-PDF to version 2.5.2 or later. As a temporary workaround, restrict file permissions and implement WAF rules to block malicious requests.

Is CVE-2026-27625 being actively exploited?

While no public exploits are currently known, the vulnerability's ease of exploitation makes it a potential target. Proactive patching is highly recommended.

Where can I find the official Stirling-PDF advisory for CVE-2026-27625?

Refer to the Stirling-PDF project's official website or security mailing list for the latest advisory and release notes regarding CVE-2026-27625.

CVE-2026-27625 — Vulnerability Details

NEXTGUARD

Escanear grátis

CVE-2026-27625 — Vulnerability Details | NextGuard

Passos de Detecçãotraduzindo…

• linux / server: Monitor the stirlingpdfuser process for unexpected file creation or modification using lsof or inotify. Examine system logs for suspicious file access patterns.

lsof -u stirlingpdfuser | grep -i '/tmp/'

• generic web: Monitor access logs for requests to /api/v1/convert/markdown/pdf containing unusual characters or path traversal sequences in the zip parameter.

grep '../../' /var/log/apache2/access.log

Stirling-PDF Zip Slip: Escrita Arbitrária de Arquivos via Path Traversal na Extração ZIP de Markdown para PDF

Impacto e Cenários de Ataque

Contexto de Exploração

Quem Está em Riscotraduzindo…

Passos de Detecçãotraduzindo…

Linha do Tempo do Ataque

Inteligência de Ameaças

Software Afetado

Classificação de Fraqueza (CWE)

Linha do tempo

Mitigação e Soluções Alternativas

Como corrigirtraduzindo…

Boletim de Segurança CVE

Perguntas frequentestraduzindo…

What is CVE-2026-27625 — Path Traversal in Stirling-PDF?

Am I affected by CVE-2026-27625 in Stirling-PDF?

How do I fix CVE-2026-27625 in Stirling-PDF?

Is CVE-2026-27625 being actively exploited?

Where can I find the official Stirling-PDF advisory for CVE-2026-27625?

Seu projeto está afetado?