CVE-2026-40260 | py-pdf pypdf up to 6.9.x XMP Metadata xml entity expansion (GHSA-3crg-w4f6-42mx)


A vulnerability classified as problematic has been found in py-pdf pypdf up to 6.9.x. It affects an unknown function of the XMP Metadata Handler component. The manipulation causes XML entity expansion.

This vulnerability is tracked as CVE-2026-40260. The attack can be carried out remotely. No exploit exists.

It is advisable to upgrade the affected component.