PYSEC-2026-1760

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/pdf2zh/PYSEC-2026-1760.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1760
Aliases
Published
2026-07-07T16:03:09.189855Z
Modified
2026-07-07T17:47:47.649161926Z
Severity
  • 2.0 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P CVSS Calculator
Summary
Byaidu PDFMathTranslate vulnerable to open redirect
Details

An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradio_api endpoint. This vulnerability could be exploited for phishing attacks or to bypass security filters.

References

Affected packages

PyPI / pdf2zh

Package

Affected ranges

Affected versions

1.*
1.9.9

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/pdf2zh/PYSEC-2026-1760.yaml"