CVE-2026-25940 – jsPDF’s PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and “AS” property)

CVE ID : CVE-2026-25940

Published : Feb. 19, 2026, 4:27 p.m. | 33 minutes ago

Description : jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following property, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim hovers over the radio option. The vulnerability has been fixed in jsPDF@4.2.0. As a workaround, sanitize user input before passing it to the vulnerable API members.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2026-25940 – jsPDF’s PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and “AS” property)

تکمیل ظرفیت سرور لهستان

سرور مناسب برای ترید و ارز دیجیتال

دیتاسنتر جدید در لهستان

سرور های جدید از اسپانیا

AMD EPYC & Ryzen از کشور انگلستان

آفر های جدید AMD EPYC و AMD Ryzen

آفر سرور اختصاصی از آمریکا

افزایش قیمت دامنه های ir از ۳۱ خرداد

افزایش قیمت جهانی دامنه .com

آفر های جدید سرور اختصاصی مرداد 1403

CVE-2026-27327 – WordPress YayMail – WooCommerce Email Customizer plugin

سرور های جدید از روسیه-وارز

تخفیف ویژه دامنه .ASIA

ثبت دامنه .IO

انتقال رایگان پسوند دامنه PW

Kerio Control 9.2.4 Build 2223

نوشته های مشابه

CVE-2026-27014 – NanZip has ROMFS Archive Infinite Loop / Stack Overflow

CVE-2026-27476 – RustFly 2.0.0 Command Injection via UDP Remote Control

CVE-2026-26282 – NanaZip has DotNet Single file OOB Heap Read

CVE-2026-27387 – WordPress DirectoryPress plugin