CVE-2026-3029

HIGH 7.5

CVE-2026-3029

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

7th

A path traversal and arbitrary file write vulnerability exist in the embedded get function in '_main_.py' in PyMuPDF version, 1.26.5.

Vendor	artifex software inc. pymupdf
Product	pymupdf
Published	Mar 19, 2026
Last Updated	Mar 24, 2026

Stay Ahead of the Next One

Get instant alerts for artifex software inc. pymupdf pymupdf

Be the first to know when new high vulnerabilities affecting artifex software inc. *pymupdf* pymupdf are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Artifex Software Inc. *PyMuPDF* / PyMuPDF

1.26.5 < 1.26.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: http://github.com/pymupdf/PyMuPDF github.com: http://github.com/pymupdf/PyMuPDF/commit/603cafe38a183b8bab34f16d05043b4185d8d40a kb.cert.org: https://www.kb.cert.org/vuls/id/504749

CVE-2026-3029

CVE-2026-3029

Get instant alerts for artifex software inc. *pymupdf* pymupdf

Affected Versions

References

Get instant alerts for artifex software inc. pymupdf pymupdf