CVE-2026-33699: CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') in py-pdf pypdf
pypdf versions prior to 6.9.2 contain a vulnerability where processing a specially crafted PDF file in non-strict mode can cause an infinite loop. This issue is classified as CWE-835 (Loop with Unreachable Exit Condition). The vulnerability has been fixed in version 6.9.2. Users unable to upgrade immediately may consider manually applying the patch changes.
AI Analysis
Technical Summary
The pypdf library before version 6.9.2 has a vulnerability (CVE-2026-33699) involving an infinite loop triggered by a crafted PDF file when read in non-strict mode. This infinite loop results from a loop construct with an unreachable exit condition (CWE-835). The issue has been addressed and fixed in pypdf 6.9.2.
Potential Impact
An attacker can cause a denial of service by supplying a malicious PDF that triggers an infinite loop during processing in pypdf versions earlier than 6.9.2. This can lead to application hang or resource exhaustion. There is no indication of code execution or data disclosure from the provided information.
Mitigation Recommendations
Upgrade to pypdf version 6.9.2 or later, where the vulnerability is fixed. If upgrading is not immediately possible, users should consider manually applying the patch changes from the official fix. No other mitigations are specified.
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-23T17:06:05.746Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 69c5d2fe3c064ed76ff40481
Added to database: 3/27/2026, 12:44:46 AM
Last enriched: 4/3/2026, 1:32:03 PM
Last updated: 5/11/2026, 5:07:18 AM