Vulnerability Description
BentoPDF is a client-side PDF toolkit that is self hostable. Prior to version 2.8.3, a cross-site scripting vulnerability was identified in BentoPD. An attacker may be able to execute arbitrary JavaScript in certain circumstances in Markdown to PDF Tool. This issue has been patched in version 2.8.3.
Related Weaknesses (CWE)
References
- https://github.com/alam00000/bentopdf/releases/tag/v2.8.3
- https://github.com/alam00000/bentopdf/security/advisories/GHSA-6vh8-4frx-647f
FAQ
What is CVE-2026-41653?
CVE-2026-41653 is a documented vulnerability. BentoPDF is a client-side PDF toolkit that is self hostable. Prior to version 2.8.3, a cross-site scripting vulnerability was identified in BentoPD. An attacker may be able to execute arbitrary JavaSc...
How severe is CVE-2026-41653?
CVSS scoring is not yet available for CVE-2026-41653. Check NVD for updates.
Is there a patch for CVE-2026-41653?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.