Vulnerability Description
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the `addJS` method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious actions or alter the document structure, impacting any user who opens the generated PDF. The vulnerability has been fixed in [email protected]. As a workaround, escape parentheses in user-provided JavaScript code before passing them to the `addJS` method.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Parall | Jspdf | < 4.2.0 |
Related Weaknesses (CWE)
References
- https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.mdExploitMitigationThird Party Advisory
- https://github.com/parallax/jsPDF/commit/56b46d45b052346f5995b005a34af5dcdddd543Patch
- https://github.com/parallax/jsPDF/releases/tag/v4.2.0Release Notes
- https://github.com/parallax/jsPDF/security/advisories/GHSA-9vjf-qc39-jprpVendor Advisory
FAQ
What is CVE-2026-25755?
CVE-2026-25755 is a vulnerability with a CVSS score of 8.1 (HIGH). jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the `addJS` method allows an attacker to inject arbitrary PDF objects into the generated document. By...
How severe is CVE-2026-25755?
CVE-2026-25755 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-25755?
Check the references section above for vendor advisories and patch information. Affected products include: Parall Jspdf.