Home

Description

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have Denial of Service (DoS) vulnerability in the Stirling-PDF watermark functionality (`/api/v1/security/add-watermark` endpoint). The vulnerability allows authenticated users to cause resource exhaustion and server crashes by providing extreme values for the `fontSize` and `widthSpacer` parameters. Version 2.5.2 patches the issue.

PUBLISHED Reserved 2026-03-19 | Published 2026-03-26 | Updated 2026-03-26 | Assigner GitHub_M




MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-770: Allocation of Resources Without Limits or Throttling

Product status

>= 2.1.5, < 2.5.2
affected

References

github.com/...ng-PDF/security/advisories/GHSA-3932-2rfq-87xm exploit

github.com/...ng-PDF/security/advisories/GHSA-3932-2rfq-87xm

cve.org (CVE-2026-33438)

nvd.nist.gov (CVE-2026-33438)

Download JSON