CVE-2026-3029

Description

A path traversal and arbitrary file write vulnerability exist in the embedded get function in '_main_.py' in PyMuPDF version, 1.26.5.

PUBLISHED Reserved 2026-02-23 | Published 2026-03-19 | Updated 2026-03-24 | Assigner certcc

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

References

www.kb.cert.org/vuls/id/504749

github.com/pymupdf/PyMuPDF

github.com/...ommit/603cafe38a183b8bab34f16d05043b4185d8d40a

cve.org (CVE-2026-3029)

nvd.nist.gov (CVE-2026-3029)

Download JSON