{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34376", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-27T13:43:14.370Z", "datePublished": "2026-04-01T17:05:22.831Z", "dateUpdated": "2026-04-01T18:53:12.317Z"}, "containers": {"cna": {"title": "PdfDing: Password-protected share bypass via direct serve endpoint", "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "lang": "en", "description": "CWE-863: Incorrect Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/mrmn2/PdfDing/security/advisories/GHSA-42x7-vvj4-4cj3", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/mrmn2/PdfDing/security/advisories/GHSA-42x7-vvj4-4cj3"}, {"name": "https://github.com/mrmn2/PdfDing/pull/294", "tags": ["x_refsource_MISC"], "url": "https://github.com/mrmn2/PdfDing/pull/294"}, {"name": "https://github.com/mrmn2/PdfDing/commit/ae579ea98c5603d1435e0d90e81d72151564088a", "tags": ["x_refsource_MISC"], "url": "https://github.com/mrmn2/PdfDing/commit/ae579ea98c5603d1435e0d90e81d72151564088a"}, {"name": "https://github.com/mrmn2/PdfDing/releases/tag/v1.7.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/mrmn2/PdfDing/releases/tag/v1.7.0"}], "affected": [{"vendor": "mrmn2", "product": "PdfDing", "versions": [{"version": "< 1.7.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-01T17:05:22.831Z"}, "descriptions": [{"lang": "en", "value": "PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.0, an access-control vulnerability allows unauthenticated users to retrieve password-protected shared PDFs by directly calling the file-serving endpoint without completing the password verification flow. This results in unauthorized access to confidential documents that users expected to be protected by a shared-link password. This issue has been patched in version 1.7.0."}], "source": {"advisory": "GHSA-42x7-vvj4-4cj3", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T18:53:03.522879Z", "id": "CVE-2026-34376", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:53:12.317Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34376", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-01T18:53:03.522879Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:53:06.820Z"}}], "cna": {"title": "PdfDing: Password-protected share bypass via direct serve endpoint", "source": {"advisory": "GHSA-42x7-vvj4-4cj3", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "mrmn2", "product": "PdfDing", "versions": [{"status": "affected", "version": "< 1.7.0"}]}], "references": [{"url": "https://github.com/mrmn2/PdfDing/security/advisories/GHSA-42x7-vvj4-4cj3", "name": "https://github.com/mrmn2/PdfDing/security/advisories/GHSA-42x7-vvj4-4cj3", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/mrmn2/PdfDing/pull/294", "name": "https://github.com/mrmn2/PdfDing/pull/294", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/mrmn2/PdfDing/commit/ae579ea98c5603d1435e0d90e81d72151564088a", "name": "https://github.com/mrmn2/PdfDing/commit/ae579ea98c5603d1435e0d90e81d72151564088a", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/mrmn2/PdfDing/releases/tag/v1.7.0", "name": "https://github.com/mrmn2/PdfDing/releases/tag/v1.7.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.0, an access-control vulnerability allows unauthenticated users to retrieve password-protected shared PDFs by directly calling the file-serving endpoint without completing the password verification flow. This results in unauthorized access to confidential documents that users expected to be protected by a shared-link password. This issue has been patched in version 1.7.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-01T17:05:22.831Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34376", "state": "PUBLISHED", "dateUpdated": "2026-04-01T18:53:12.317Z", "dateReserved": "2026-03-27T13:43:14.370Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-01T17:05:22.831Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pdfding:pdfding:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B5F1011-6A2F-4DB7-8192-662436A9918D", "versionEndExcluding": "1.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.0, an access-control vulnerability allows unauthenticated users to retrieve password-protected shared PDFs by directly calling the file-serving endpoint without completing the password verification flow. This results in unauthorized access to confidential documents that users expected to be protected by a shared-link password. This issue has been patched in version 1.7.0."}], "id": "CVE-2026-34376", "lastModified": "2026-04-07T20:16:13.720", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-01T18:16:30.177", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/mrmn2/PdfDing/commit/ae579ea98c5603d1435e0d90e81d72151564088a"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/mrmn2/PdfDing/pull/294"}, {"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/mrmn2/PdfDing/releases/tag/v1.7.0"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/mrmn2/PdfDing/security/advisories/GHSA-42x7-vvj4-4cj3"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.7.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "PdfDing", "source": "cna", "vendor": "mrmn2"}, "product": "pdfding", "vendor": "mrmn2"}], "analysis": {"en": {"generated_at": "2026-04-07T22:36:12.204759+00:00", "value": {"mitigation_remediation": ["Upgrade PdfDing to version 1.7.0 or later.", "If an upgrade is not immediately possible, restrict access to the file\u2011serving endpoint or remove the capability to serve files without authentication."], "summary": {"action": "Apply patch", "impact": "Unauthorized access to confidential PDF documents"}, "threat_synthesis": {"affected_systems": "The flaw affects installations of PdfDing from the vendor mrmn2. Any deployment running a version older than 1.7.0 is vulnerable. The issue was fixed in version 1.7.0 and later releases.", "description_and_impact": "PdfDing, a self-hosted PDF manager, has an access\u2011control flaw (CWE\u2011863) that lets an unauthenticated user retrieve password\u2011protected shared PDFs by calling the file\u2011serving endpoint directly. Because the password verification step is bypassed, the attacker can view confidential documents that were intended to be protected. The vulnerability permits unauthorized access to sensitive information.", "risk_and_exploitability": "The CVSS score of 7.5 indicates high severity. The EPSS score is below 1\u202f%, suggesting low current exploitation likelihood. The vulnerability is not listed in CISA\u2019s KEV catalog. An attacker can exploit it by sending an unauthenticated HTTP request to the file\u2011serving endpoint, triggering the return of the protected PDF without a password prompt."}}}}, "created": "2026-04-02T07:48:11.144983+00:00", "updated": "2026-04-08T19:57:02.083303+00:00", "vendors": ["mrmn2", "mrmn2$PRODUCT$pdfding"]}