What is the CVSS score of CVE-2026-27625?

CVE-2026-27625 has a CVSS 3.1 base score of 8.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Stirling Pdf are affected by CVE-2026-27625?

Stirling-PDF versions before 2.5.2 contain a path traversal vulnerability in the PDF conversion API that allows authenticated users to write arbitrary files on the server, potentially overwriting…. A patch is available.

How to fix or mitigate CVE-2026-27625?

Within 24 hours: Identify all instances of Stirling-PDF in use and document current versions. Within 7 days: Upgrade all affected deployments to Stirling-PDF version 2.5.2 or later; restrict API access to the /api/v1/convert/markdown/pdf endpoint to trusted users only as interim control. Within 30 days: Review file system permissions for the stirlingpdfuser process account and implement principle of least privilege; audit recent PDF conversion logs for suspicious activity.

Stirling Pdf CVE-2026-27625

EUVD-2026-13638 HIGH

Path Traversal (CWE-22)

2026-03-20 GitHub_M

Path Traversal Stirling Pdf

8.1

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

8.1 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:19 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

2.5.2

EUVD ID Assigned

Mar 20, 2026 - 09:18 euvd

EUVD-2026-13638

Analysis Generated

Mar 20, 2026 - 09:18 vuln.today

CVE Published

Mar 20, 2026 - 08:44 nvd

HIGH 8.1

DescriptionGitHub Advisory

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user can write files outside the intended temporary working directory, leading to arbitrary file write with the privileges of the Stirling-PDF process user (stirlingpdfuser). This can overwrite writable files and compromise data integrity, with further impact depending on writable paths. The issue was fixed in version 2.5.2.

AnalysisAI

Stirling-PDF, a locally hosted web application for PDF operations, contains a path traversal vulnerability in the /api/v1/convert/markdown/pdf endpoint that allows authenticated users to write arbitrary files outside the intended directory. Versions prior to 2.5.2 are affected, enabling attackers to overwrite writable files with the privileges of the stirlingpdfuser process account, compromising data integrity and potentially availability. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate to Stirling-PDF application

Delivery

Craft malicious ZIP with path traversal entries

Exploit

POST to /api/v1/convert/markdown/pdf endpoint

Execution

Extract ZIP without validation

Persist

Overwrite arbitrary files on disk

Impact

Compromise application or system integrity