Is there a patch available for CVE-2026-48155?

Yes, a patch is available for CVE-2026-48155. Update the affected software to the latest version immediately.

pypdf CVE-2026-48155

Q: What is the CVSS score of CVE-2026-48155?

CVE-2026-48155 has a CVSS 4.0 base score of 4.8 (Medium). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.

EUVD-2026-32914 MEDIUM

Uncontrolled Resource Consumption (CWE-400)

2026-05-28 GitHub_M

Denial Of Service Python

4.8

CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

Source Code Evidence Fetched

May 28, 2026 - 17:51 vuln.today

Analysis Generated

May 28, 2026 - 17:51 vuln.today

Patch available

May 28, 2026 - 17:01 EUVD

CVSS changed

May 28, 2026 - 16:22 NVD

4.8 (MEDIUM)

CVE Published

May 28, 2026 - 14:51 nvd

UNKNOWN (no severity yet)

DescriptionNVD

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0.

AnalysisAI

Memory exhaustion in pypdf prior to 6.12.0 allows an attacker who supplies a crafted PDF to cause large memory consumption in any application that processes it using layout mode text extraction. The vulnerability is triggered by PDFs containing text positioning operators with abnormally large x- or y-coordinate offsets, causing the library to allocate unbounded whitespace and newline characters during rendering. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-48155 vulnerability details – vuln.today

Back

pypdf CVE-2026-48155

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Analysis

Full analysis requires sign-in

Share

pypdf CVE-2026-48155

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code