Latest Sumatrapdfreader Vulnerabilities

Dr. Aris Thorne

Published: January 14, 2026 at 9:15 PM UTC

CVE-2026-23512 is a high severity vulnerability (CVSS 8.6/10) affecting sumatrapdfreader sumatrapdf. Published Jan 14, 2026. Last updated Jan 14, 2026. CVE-2026-23512 enables unauthenticated attackers to compromise the confidentiality, integrity and availability of sumatrapdfreader sumatrapdf. While no active exploitation has been reported, the vulnerability's low attack complexity and high impact make it a high-risk issue if left unpatched.

- Severity: HIGH (8.6/10)
- Attack Vector: LOCAL
- Attack Complexity: LOW
- Exploited in Wild: No known exploitation
- Privileges Required: NONE
- User Interaction: REQUIRED

As of Jan 14, 2026, there are no confirmed reports of active exploitation. However, the vulnerability's characteristics make it attractive for opportunistic abuse if left unpatched.

- Organizations using sumatrapdfreader sumatrapdf
- Systems where local user access is permitted
- Any exposed instance; no authentication is required to exploit

Risk posture: High impact, low complexity vulnerability with no current exploitation, with potential cross-boundary impact.

### Description

SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is an Untrusted Search Path vulnerability when the Advanced Options setting is triggered. The application executes notepad.exe without specifying an absolute path when using the Advanced Options setting.

On Windows, this allows execution of a malicious notepad.exe placed in the application's installation directory, leading to arbitrary code execution.

### References

- https://github.com/sumatrapdfreader/sumatrapdf/commit/2762e02a8cd7cb779c934a44257aac56ab7de673
- https://github.com/sumatrapdfreader/sumatrapdf/security/advisories/GHSA-rqg5-gj63-x4mv
- https://nvd.nist.gov/vuln/detail/CVE-2026-23512 (NIST)
- https://cvetodo.com/cve/CVE-2026-23512 (CVETodo)

# CVE-2026-23512 Security Assessment

## 1. Overview of the Vulnerability

CVE-2026-23512 pertains to an Untrusted Search Path vulnerability in SumatraPDF versions 3.5.2 and earlier. The flaw manifests when the Advanced Options setting is triggered, causing the application to execute notepad.exe without specifying an absolute path.

This behavior allows an attacker to exploit the vulnerability by placing a malicious notepad.exe in the application's installation directory, leading to arbitrary code execution with the privileges of the user running SumatraPDF.

## 2. Potential Impact and Significance

### Impact Summary:

- Arbitrary Code Execution: Attackers can execute malicious code on the affected system.
- High Severity: The CVSS score of 8.6 reflects significant risk.
- Scope Changed: The vulnerability affects the broader system scope, potentially impacting other processes or files.

- Confidentiality, Integrity, and Availability (CIA): All are rated high, indicating severe consequences, including data theft, system compromise, or denial of service.

### Why It's Significant:

- Local Attack Vector: Requires local access, but once exploited, can lead to full system compromise.
- No Privilege Requirement: Attackers need no privileges, making it easier to exploit.
- User Interaction Needed: Users must trigger the specific Advanced Options setting, which could be exploited via social engineering or malicious documents.

- Potential for Persistence: Malicious executables placed in the installation directory could persist across sessions.

## 3. Technical Details

### Nature of the Vulnerability:

- Untrusted Search Path: When executing commands, the application does not specify an absolute path for notepad.exe.
- Execution Behavior: The application relies on the system's PATH environment variable or current directory to locate notepad.exe. Because the Windows process-creation search order begins with the directory from which the calling application was loaded, a file named notepad.exe in the installation directory is found before the genuine copy in the Windows system directory.
- Exploitation Vector: An attacker can place a malicious notepad.exe in the application's directory, which will be executed when the Advanced Options are triggered.

### Specifics:

- Trigger: When users enable or trigger the Advanced Options setting within SumatraPDF.
- Execution: The application calls notepad.exe without an explicit path, leading to potential execution of a malicious file if present in the directory.

## 4. Affected Versions and Remediation

### Affected Versions:

- SumatraPDF 3.5.2 and earlier.

### Remediation:

- Upgrade to the latest version of SumatraPDF where the vulnerability has been addressed.
- Check the official repository or website for the latest release.

- The referenced commit (2762e02) indicates the fix involved specifying the absolute path when executing external commands.

## 5. Mitigation and Recommendations

### Immediate Actions:

- Update SumatraPDF to the latest version as soon as possible.
- Verify the integrity of SumatraPDF installations by checking hashes or signatures.

### Short-term Mitigations:

- Restrict access to the SumatraPDF installation directory to prevent malicious file placement.
- Disable or avoid using the Advanced Options feature until an update is applied.

- Implement application whitelisting to prevent execution of unauthorized executables in the installation directory.

### Long-term Security Measures:

- Educate users about the risks of executing applications with untrusted search paths.
- Configure security policies to prevent execution of files from directories that are writable by untrusted users.
- Monitor file system changes in the SumatraPDF directory for suspicious activity.

### Additional Recommendations:

- Review and audit other applications for similar untrusted search path vulnerabilities.
- Apply the principle of least privilege to minimize impact if exploitation occurs.

- Implement endpoint detection for suspicious executable placement or execution.

## 6. Additional Context and Related Vulnerabilities

- Related CVEs: Similar untrusted search path vulnerabilities have been identified in other software, emphasizing the importance of specifying absolute paths during command execution.
- Security advisories: The GitHub security advisory (GHSA-rqg5-gj63-x4mv) provides further details and patches.
- Best Practices: Always validate and sanitize external inputs and commands, especially when executing external processes.
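As an added illustration of the absolute-path rule stressed above (example code written for this page, not SumatraPDF's own code and not the content of commit 2762e02), the C++ below contrasts the bare-name launch that CWE-426 describes with a hardened variant that anchors the editor under the Windows directory and refuses anything else before calling CreateProcess. The function names `isBareCommand`, `notepadPath`, `isUnderWindowsDir` and `launchNotepad` are my own; the Windows launch is guarded by `#ifdef _WIN32`, and the path logic takes the Windows directory as a parameter so it can be exercised on any platform.

```cpp
// Added illustration, not SumatraPDF's own code: a bare-name launch versus an
// absolute path anchored under the Windows directory (the CWE-426 fix pattern).
#include <cctype>
#include <string>
#ifdef _WIN32
#include <windows.h>
#endif
// True when the command has no directory component. CreateProcess resolves such a
// name by its search order, which starts with the directory the calling application
// was loaded from, so a planted notepad.exe beside the reader's executable wins.
bool isBareCommand(const std::string& cmd) {
    return cmd.find_first_of("\\/:") == std::string::npos;
}

// Hardened form: build the absolute path from the Windows directory. The root is a
// parameter so the logic runs on any platform; on Windows it comes from GetWindowsDirectoryA.
std::string notepadPath(std::string systemRoot) {
    while (!systemRoot.empty() && (systemRoot.back() == '\\' || systemRoot.back() == '/'))
        systemRoot.pop_back();
    return systemRoot + "\\System32\\notepad.exe";
}

// Launch-time guard: only an absolute path below the Windows directory, with no "..",
// passes, so the installation directory can never be the source of the binary.
bool isUnderWindowsDir(const std::string& path, const std::string& systemRoot) {
    if (isBareCommand(path)) return false;
    auto lower = [](std::string s) {  // Windows paths are case-insensitive
        for (char& c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
        return s;
    };
    std::string p = lower(path), r = lower(systemRoot);
    if (!r.empty() && r.back() != '\\') r += '\\';
    return p.compare(0, r.size(), r) == 0 && p.find("..") == std::string::npos;
}
#ifdef _WIN32
// Passing the absolute path as lpApplicationName makes CreateProcess open that file
// directly instead of searching for it.
bool launchNotepad(const std::string& file) {
    char root[MAX_PATH];
    if (!GetWindowsDirectoryA(root, MAX_PATH)) return false;
    std::string exe = notepadPath(root);
    if (!isUnderWindowsDir(exe, root)) return false;
    std::string cmd = "\"" + exe + "\" \"" + file + "\"";  // writable buffer for lpCommandLine
    STARTUPINFOA si{}; si.cb = sizeof(si);
    PROCESS_INFORMATION pi{};
    if (!CreateProcessA(exe.c_str(), &cmd[0], nullptr, nullptr, FALSE, 0, nullptr, nullptr, &si, &pi)) return false;
    CloseHandle(pi.hThread); CloseHandle(pi.hProcess);
    return true;
}
#endif
```

The same guard applies to any helper an application launches by name; a planted copy in a writable install directory only matters when the launcher leaves the search order to decide.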

# Summary

CVE-2026-23512 is a high-severity, local privilege vulnerability in SumatraPDF versions 3.5.2 and earlier, caused by executing notepad.exe without an absolute path during the Advanced Options trigger. Exploitation can lead to arbitrary code execution, posing significant security risks. Immediate remediation involves updating to the latest version, restricting directory access, and disabling vulnerable features. Ongoing security best practices should be followed to prevent similar issues in other applications.

References:

- SumatraPDF GitHub Commit Fix
- Security Advisory


Updated: January 14, 2026 at 9:28 PM UTC

AI-assisted analysis reviewed and edited by Tony Hunt, Security Researcher & Vulnerability Analyst.

Related vulnerability pattern: CWE-426 in sumatrapdf.

## Common questions about CVE-2026-23512

- Severity: CVE-2026-23512 has a severity rating of High (7.0-8.9) with a CVSS base score of 8.6 out of 10. This is a high severity vulnerability that should be prioritized for remediation.
- Affected product: CVE-2026-23512 affects sumatrapdfreader sumatrapdf. Check the official vendor advisories for specific affected versions and update recommendations.
- Publication: CVE-2026-23512 was published on January 14, 2026.
- CVSS metrics: Attack Vector: LOCAL, Attack Complexity: LOW, Privileges Required: NONE, User Interaction: REQUIRED. Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
- Exploitation status: As of the latest available data, CVE-2026-23512 has not been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, which means there is no confirmed evidence of active exploitation. However, organizations should still assess their exposure and apply patches as recommended.
- Remediation: Check sumatrapdfreader's security advisories for official patches and updates. Update sumatrapdf to the latest patched version. Review the references section for vendor advisories and mitigation guidance.

- Status: Received
- Affected Product: sumatrapdfreader sumatrapdf
- CVSS Metrics: Attack Vector LOCAL; Attack Complexity LOW; Privileges Required NONE; User Interaction REQUIRED; Scope CHANGED; Base Score 8.6; Exploitability Score 1.8; Impact Score 6
- Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
- Impact: Confidentiality HIGH; Integrity HIGH; Availability HIGH
- Weaknesses: CWE-426
- Last Modified: January 14, 2026 at 9:28 PM UTC

