CVE-2026-41653
BentoPDF: Stored XSS via Markdown Editor Leading to Persistent File Exfiltration
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
BentoPDF is a client-side PDF toolkit that is self hostable. Prior to version 2.8.3, a cross-site scripting vulnerability was identified in BentoPD. An attacker may be able to execute arbitrary JavaScript in certain circumstances in Markdown to PDF Tool. This issue has been patched in version 2.8.3.
| CWE | CWE-79 |
| Vendor | alam00000 |
| Product | bentopdf |
| Published | May 7, 2026 |
| Last Updated | May 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for alam00000 bentopdf
Be the first to know when new unknown vulnerabilities affecting alam00000 bentopdf are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
alam00000 / bentopdf
< 2.8.3