CVE-2026-23907

medium Red Hat
CVSS v3 Base Score
5.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 88% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Confidentiality
Low
Integrity
Low
Availability
None
Published: March 10, 2026 (65 days ago)
Last Modified: March 10, 2026
Vendor: Red Hat

Description

A Path Traversal flaw was found in the `ExtractEmbeddedFiles` example within Apache PDFBox. An attacker could craft a malicious PDF file containing embedded file entries with specially crafted filenames containing directory traversal sequences (for example ../). When processed by applications that copied this example code, files may be written outside the intended extraction directory, potentially leading to data corruption or unauthorized file creation.

CWE

CWE-22

Affected Products

Red Hat AMQ Broker 7Red Hat build of Apache Camel for Spring Boot 4Red Hat Data Grid 8Red Hat Fuse 7Red Hat JBoss Enterprise Application Platform 7Red Hat JBoss Enterprise Application Platform 8Red Hat JBoss Enterprise Application Platform Expansion Packstreams for Apache Kafka 2streams for Apache Kafka 3

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 github.com 🔗 lists.apache.org