Description
A path traversal and arbitrary file write vulnerability exists in the embedded get function in '_main_.py' in PyMuPDF version 1.26.5.
Published: 2026-03-19
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary File Write
Action: Immediate Update
AI Analysis

Impact

A flaw in the get function of PyMuPDF 1.26.5 allows unvalidated file paths to be processed, enabling an attacker to traverse directories and write files at arbitrary locations. This weakness permits overwriting trusted files, inserting malicious content, or corrupting data, thereby compromising integrity and possibly enabling further exploitation.

Affected Systems

The PyMuPDF library developed by Artifex Software Inc., specifically version 1.26.5, is affected by this path traversal and arbitrary file write vulnerability.

Risk and Exploitability

The CVSS score of 7.5 signals high severity, yet the EPSS score of less than 1% indicates that exploitation is currently rare. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack vector appears to be local, requiring an attacker to supply a crafted path to the vulnerable get function.

Generated by OpenCVE AI on March 24, 2026 at 04:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the PyMuPDF vendor’s website or release notes for a patch that removes or fixes the vulnerable get function.
  • If a patch is not yet available, restrict the environment in which PyMuPDF runs so that it cannot access sensitive file paths, or alter application code to enforce strict path validation before calling get.


Advisories
Source | ID | Title
Github GHSA | GHSA-cxqh-p2w9-fmr7 | PyMuPDF has a path traversal in _main_.py

History

Tue, 24 Mar 2026 02:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Sat, 21 Mar 2026 05:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-22
References
Metrics threat_severity

None

cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}

threat_severity

Important


Fri, 20 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-22

Fri, 20 Mar 2026 11:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-22

Fri, 20 Mar 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Artifex
Artifex pymupdf
Vendors & Products Artifex
Artifex pymupdf

Thu, 19 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
References

Thu, 19 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
Description A path traversal and arbitrary file write vulnerability exists in the embedded get function in '_main_.py' in PyMuPDF version 1.26.5.
Title CVE-2026-3029
References

MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2026-03-24T01:35:10.611Z

Reserved: 2026-02-23T14:10:15.439Z

Link: CVE-2026-3029

Vulnrichment

Updated: 2026-03-19T16:21:32.940Z

NVD

Status: Awaiting Analysis

Published: 2026-03-19T16:16:04.297

Modified: 2026-03-24T02:16:05.463

Link: CVE-2026-3029

Redhat

Severity: Important

Public Date: 2026-03-19T15:53:38Z

Links: CVE-2026-3029 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-25T11:55:18Z

Weaknesses