What is CVE-2026-33438?

CVE-2026-33438 is a medium-severity vulnerability in Stirling-tools Stirling-pdf, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 6.5/10. Published 2026-03-26.

How severe is CVE-2026-33438?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Resource exhaustion in Stirling-tools Stirling-pdf

CVE-2026-33438

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have Denial of Service (DoS) vulnerability in the Stirling-PDF watermark functionali…

EPSS: 0.000 (6.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Affected products

Stirling-tools Stirling-pdf — versions >= 2.1.5, < 2.5.2

Weakness classification (CWE)

CWE-770 — Allocation of Resources Without Limits or Throttling

References

https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-3932-2rfq-87xm (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-33438?: CVE-2026-33438 is a medium-severity vulnerability in Stirling-tools Stirling-pdf, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 6.5/10. Published 2026-03-26.
How severe is CVE-2026-33438?: Medium severity. CVSS v3 base score is 6.5 out of 10.