Vulnerability Description
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have Denial of Service (DoS) vulnerability in the Stirling-PDF watermark functionality (`/api/v1/security/add-watermark` endpoint). The vulnerability allows authenticated users to cause resource exhaustion and server crashes by providing extreme values for the `fontSize` and `widthSpacer` parameters. Version 2.5.2 patches the issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Stirling | Stirling Pdf | >= 2.1.5, < 2.5.2 |
Related Weaknesses (CWE)
References
- https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-3932-2rfExploitVendor Advisory
- https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-3932-2rfExploitVendor Advisory
FAQ
What is CVE-2026-33438?
CVE-2026-33438 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have Denial of Service (DoS) vulnerability in...
How severe is CVE-2026-33438?
CVE-2026-33438 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-33438?
Check the references section above for vendor advisories and patch information. Affected products include: Stirling Stirling Pdf.