CVE-2026-23512
SumatraPDF has an Untrusted Search Path in sumatrapdf/src/AppTools.cpp
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is a Untrusted Search Path vulnerability when Advanced Options setting is trigger. The application executes notepad.exe without specifying an absolute path when using the Advanced Options setting. On Windows, this allows execution of a malicious notepad.exe placed in the application's installation directory, leading to arbitrary code execution.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Productos afectados
sumatrapdfreader · sumatrapdf¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →