CVE-2026-23907

medium

Red Hat

CVSS v3 Base Score

5.4

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Published: March 10, 2026

Last Modified: March 10, 2026

Vendor: Red Hat

Description

A Path Traversal flaw was found in the `ExtractEmbeddedFiles` example within Apache PDFBox. An attacker could craft a malicious PDF file containing embedded file entries with specially crafted filenames containing directory traversal sequences (for example ../). When processed by applications that copied this example code, files may be written outside the intended extraction directory, potentially leading to data corruption or unauthorized file creation.

CWE

CWE-22

Affected Products

Red Hat AMQ Broker 7Red Hat build of Apache Camel for Spring Boot 4Red Hat Data Grid 8Red Hat Fuse 7Red Hat JBoss Enterprise Application Platform 7Red Hat JBoss Enterprise Application Platform 8Red Hat JBoss Enterprise Application Platform Expansion Packstreams for Apache Kafka 2streams for Apache Kafka 3

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 github.com 🔗 lists.apache.org

CVE-2026-23907

Vulnerability Report

Description

CWE

Affected Products

References