Description
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is a Untrusted Search Path vulnerability when Advanced Options setting is trigger. The application executes notepad.exe without specifying an absolute path when using the Advanced Options setting. On Windows, this allows execution of a malicious notepad.exe placed in the application's installation directory, leading to arbitrary code execution.
Published: 2026-01-14
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Immediately
AI Analysis

Impact

SumatraPDF, a Windows PDF reader, has an Untrusted Search Path flaw in its Advanced Options feature that causes the application to execute notepad.exe without a full path. If an attacker places a malicious notepad.exe in the installed folder, the program will run it, allowing the attacker to execute arbitrary code with the privileges of the user running SumatraPDF. The vulnerability originates from CWE-426 and results in unrestricted code execution for any user who launches the application with the Advanced Options enabled.

Affected Systems

The issue affects SumatraPDF releases 3.5.2 and earlier on Windows operating systems. The product name is SumatraPDF by sumatrapdfreader, and the affected product is the sumatrapdf application. All installations of these older versions are susceptible when the Advanced Options setting is in use.

Risk and Exploitability

The vulnerability scores 8.6 on the CVSS scale, indicating high severity, and has an EPSS score of less than 1 %, suggesting a low but existing likelihood of exploitation. It is not listed in the CISA KEV catalog. The typical attack vector requires a user to open SumatraPDF with Advanced Options enabled after an attacker has placed a crafted notepad.exe in the program directory. Because the bug relies on a local search path, it does not require network exposure but still poses a critical risk to any user who runs the software on a compromised system.

Generated by OpenCVE AI on April 18, 2026 at 06:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade SumatraPDF to a version newer than 3.5.2
  • Disable or reconfigure the Advanced Options feature so that absolute paths are used instead of the default search path
  • Remove any unexpected notepad.exe or other executables from the SumatraPDF installation directory and secure the folder against execution

Generated by OpenCVE AI on April 18, 2026 at 06:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 03 Feb 2026 18:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:sumatrapdfreader:sumatrapdf:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Thu, 15 Jan 2026 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft
Microsoft windows
Sumatrapdfreader
Sumatrapdfreader sumatrapdf
Vendors & Products Microsoft
Microsoft windows
Sumatrapdfreader
Sumatrapdfreader sumatrapdf

Wed, 14 Jan 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 14 Jan 2026 20:45:00 +0000

Type Values Removed Values Added
Description SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is a Untrusted Search Path vulnerability when Advanced Options setting is trigger. The application executes notepad.exe without specifying an absolute path when using the Advanced Options setting. On Windows, this allows execution of a malicious notepad.exe placed in the application's installation directory, leading to arbitrary code execution.
Title SumatraPDF has an Untrusted Search Path in sumatrapdf/src/AppTools.cpp
Weaknesses CWE-426
References
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}

Subscriptions

Microsoft Windows
Sumatrapdfreader Sumatrapdf
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-14T21:04:47.478Z

Reserved: 2026-01-13T18:22:43.979Z

Link: CVE-2026-23512

cve-icon Vulnrichment

Updated: 2026-01-14T21:04:38.719Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-14T21:15:54.013

Modified: 2026-02-03T17:56:29.520

Link: CVE-2026-23512

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T06:15:15Z

Weaknesses