ZDI-CAN-28710 | Severity: HIGH (CVSS 7.8) | Status: Upcoming | Jan 09, 2026

FontForge

FontForge is an open-source font editor software used for creating and modifying typeface files. This vulnerability has a high CVSS score of 7.8 and requires local access with user interaction but no authentication, potentially allowing an attacker to compromise confidentiality, integrity, and availability of the affected system. Security teams should monitor for malicious font files or documents that could trigger this vulnerability when opened by users in FontForge or applications that process fonts created with it.

Advisory Details
Discovered by: Brandon Evans of Trend Zero Day Initiative
Reported: January 09, 2026
Disclosure deadline: May 09, 2026
CVSS Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
