Vulnerability Details CVE-2026-40260
pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has been fixed in version 6.10.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.5%
CVSS Severity