CVE-2026-41313: CWE-834: Excessive Iteration in py-pdf pypdf
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer `/Size` value in incremental mode. This has been fixed in pypdf 6.10.2. As a workaround, one may apply the changes from the patch manually.
AI Analysis
Technical Summary
The vulnerability CVE-2026-41313 in pypdf (versions before 6.10.2) is due to excessive iteration when loading PDF files that contain a large trailer /Size value in incremental mode. This can cause the library to spend an unusually long time processing such crafted PDFs, resulting in performance degradation or denial of service conditions. The issue is addressed by the fix included in pypdf version 6.10.2. No cloud service is involved, and no known exploits have been reported.
Potential Impact
An attacker can craft a malicious PDF that triggers long processing times in vulnerable versions of pypdf, potentially causing denial of service or resource exhaustion on systems that parse such PDFs. The impact is limited to local processing of malicious PDFs and does not involve remote code execution or data compromise. No known exploits are currently reported in the wild.
Mitigation Recommendations
Upgrade to pypdf version 6.10.2 or later, where this vulnerability is fixed. Alternatively, users may manually apply the patch changes from the fix if upgrading is not immediately possible. There is no vendor advisory indicating that no action is required or that the issue is already mitigated otherwise.
CVE-2026-41313: CWE-834: Excessive Iteration in py-pdf pypdf
Description
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer `/Size` value in incremental mode. This has been fixed in pypdf 6.10.2. As a workaround, one may apply the changes from the patch manually.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2026-41313 in pypdf (versions before 6.10.2) is due to excessive iteration when loading PDF files that contain a large trailer /Size value in incremental mode. This can cause the library to spend an unusually long time processing such crafted PDFs, resulting in performance degradation or denial of service conditions. The issue is addressed by the fix included in pypdf version 6.10.2. No cloud service is involved, and no known exploits have been reported.
Potential Impact
An attacker can craft a malicious PDF that triggers long processing times in vulnerable versions of pypdf, potentially causing denial of service or resource exhaustion on systems that parse such PDFs. The impact is limited to local processing of malicious PDFs and does not involve remote code execution or data compromise. No known exploits are currently reported in the wild.
Mitigation Recommendations
Upgrade to pypdf version 6.10.2 or later, where this vulnerability is fixed. Alternatively, users may manually apply the patch changes from the fix if upgrading is not immediately possible. There is no vendor advisory indicating that no action is required or that the issue is already mitigated otherwise.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-20T14:01:46.671Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e93e1919fe3cd2cdf2afdd
Added to database: 4/22/2026, 9:31:05 PM
Last enriched: 4/22/2026, 9:46:08 PM
Last updated: 4/22/2026, 11:28:47 PM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.