216.73.216.133

CVE-2026-3778

· Published 01/04/2026 02:16 · Modified 01/04/2026 14:23

Labels: CVE-2026-3778 14984358-7092-470d-8f34-ade47a7658a22026-04-01CVE-2026-3778CWE-674

Essential information

Published
01/04/2026 02:16
Modified
01/04/2026 14:23
Author
Creator
CVSS
6.2 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep traversal can cause uncontrolled recursion, stack exhaustion, and application crashes.

NVD status

Status
Undergoing Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
14984358-7092-470d-8f34-ade47a7658a2
NVD
View on NVD

Affected products (CPE)

ProductCPE
adobe / acrobat cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
pdf reader / pdf reader cpe:2.3:a:pdf_reader:pdf_reader:*:*:*:*:*:*:*:*

References