Home / Vulnerability Intelligence / CVE-2026-27625

CVE-2026-27625 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: March 20, 2026

Stirling-PDF - Path Traversal

Published: March 20, 2026Updated: March 20, 2026Remote Exploitable

Overview

Stirling-PDF < 2.5.2 contains a path traversal caused by lack of path checks when extracting user-supplied ZIP entries in /api/v1/convert/markdown/pdf, letting authenticated users write arbitrary files outside intended directories.

Severity & Score

Severity: High

CVSS Score: 8.1

EPSS Score: 5.5%(Probability of exploitation in next 30 days)

Impact

Authenticated users can write arbitrary files with Stirling-PDF process privileges, potentially leading to data integrity compromise and further system impact.

Mitigation

Upgrade to version 2.5.2 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 20, 2026

🟠 CVE-2026-27625 - High (8.1) Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user ca... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27625/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-27625
Severity: High
CVSS Score: 8.1
Type: path_traversal
Status: unconfirmed
EPSS: 5.5%
Social Posts: 1

CWE

CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

EPSS Score

5.5%Probability of exploitation in the next 30 days