CVE-2026-3029 PUBLISHED

CVE-2026-3029

Assigner: certcc
Reserved: 23.02.2026 Published: 19.03.2026 Updated: 19.03.2026

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5.

Product Status

Vendor Artifex Software Inc. *PyMuPDF*
Product PyMuPDF
Versions
  • affected from 1.26.5 to 1.26.7 (excl.)

References

Problem Types

  • CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')