CVE-2026-54651
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk3th percentile — higher than 3% of all known CVEs
Summary
pypdf is a free and open-source pure-python PDF library. Prior to version 6.13.1, an attacker could exploit this vulnerability to craft a PDF that leads to an infinite loop.
Risk Assessment
Exploitation of this vulnerability could result in the application processing PDFs becoming unresponsive, affecting service availability within the organization.
Recommendation
It is recommended to upgrade pypdf to version 6.13.1 or later to mitigate this vulnerability.
Original NVD description (English source)
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. This vulnerability is fixed in 6.13.1.

