Path Traversal in Apache Software Foundation Pdfbox Examples

CVE-2026-33929

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache PDFBox Examples. This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.004 (57.7th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Pdfbox Examples — versions 2.0.24, 3.0.0

Weakness classification (CWE)

CWE-22 — Path Traversal

References

github.com/apache/pdfbox/pull/427/changes (patch)
lists.apache.org/thread/op3lyx1ngzy4qycn06l6hljyf28ff0zs (mailing-list)
lists.apache.org/thread/j8l07tgzy9dm8d8n0f3c45h7zg7t3ld6 (vendor-advisory)