CVE-2026-31898

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-31898
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31898.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-31898
Aliases
Related
Published
2026-03-18T03:03:43.469Z
Modified
2026-04-10T05:42:12.672030Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CVSS Calculator
Summary
jsPDF has a PDF Object Injection via FreeText color
Details

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the createAnnotation method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following method, a user can inject arbitrary PDF objects, such as JavaScript actions, which might trigger when the PDF is opened or interacted with the createAnnotation: color parameter. The vulnerability has been fixed in jsPDF@4.2.1. As a workaround, sanitize user input before passing it to the vulnerable API members.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31898.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-116"
    ]
}
References

Affected packages

Git / github.com/mrrio/jspdf

Affected ranges

Type
GIT
Repo
https://github.com/mrrio/jspdf
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
4562ce8aa35bd5ecd98cd5e262e3da2af96476f6
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.2.1"
        }
    ]
}

Affected versions

1.*
1.1.135
1.3.4
v.*
v.1.4.0
v0.*
v0.9.0
v1.*
v1.0.106
v1.0.115
v1.0.116
v1.0.119
v1.0.138
v1.0.150
v1.0.178
v1.0.272
v1.2.60
v1.2.61
v1.3.0
v1.3.3
v1.3.4
v1.3.5
v1.4.0
v1.4.1
v1.5.0
v1.5.1
v1.5.2
v1.5.3
Other
v2,1,0
v2.*
v2.0.0
v2.1.1
v2.2.0
v2.3.0
v2.3.1
v2.4.0
v2.5.0
v2.5.1
v2.5.2
v3.*
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v4.*
v4.0.0
v4.1.0
v4.2.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31898.json"

Git / github.com/parallax/jspdf

Affected ranges

Type
GIT
Repo
https://github.com/parallax/jspdf
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
4562ce8aa35bd5ecd98cd5e262e3da2af96476f6

Affected versions

1.*
1.1.135
1.3.4
v.*
v.1.4.0
v0.*
v0.9.0
v1.*
v1.0.106
v1.0.115
v1.0.116
v1.0.119
v1.0.138
v1.0.150
v1.0.178
v1.0.272
v1.2.60
v1.2.61
v1.3.0
v1.3.3
v1.3.4
v1.3.5
v1.4.0
v1.4.1
v1.5.0
v1.5.1
v1.5.2
v1.5.3
Other
v2,1,0
v2.*
v2.0.0
v2.1.1
v2.2.0
v2.3.0
v2.3.1
v2.4.0
v2.5.0
v2.5.1
v2.5.2
v3.*
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v4.*
v4.0.0
v4.1.0
v4.2.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31898.json"