CVE-2026-24737
HIGH 8.1jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or properties, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim opens the document. The vulnerable API members are AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, and AcroFormRadioButton.appearanceState. The vulnerability has been fixed in jsPDF@4.1.0.
Affected Applications in Environment
13
Parallels Desktop
v20.1.2 (55742)
1 device
Parallels Desktop
v26.2.0 (57363)
1 device
Parallels Desktop
v20.0.0 (55653)
1 device
Parallels Desktop
v26.3.0 (57392)
2 devices
Parallels Desktop
v26.3.0 (57363)
1 device
Parallels Desktop
v26.2.2 (57373)
5 devices
Parallels Desktop
v1.20.4 (23908)
2 devices
Parallels Desktop
v26.2.2 (57293)
1 device
Parallels Desktop
v1.26.2 (23919)
1 device
Parallels Desktop
v26.1.2 (57293)
2 devices
Parallels Desktop
v26.3.0 (57373)
1 device
Parallels Desktop
v18.3.4 (53630)
2 devices
Parallels Desktop
v20.2.2 (55879)
1 device
Affected Devices
17
Barbara-Wilkinsons-iMac-27.local
Mac
EOP-MBP-3.local
Mac
F-16
Mac
a00017110-J7TV3C9HW5
Mac
a00596491-HK02DWTXXR
Mac
a00983376-G09J49PM70
Mac
a01662531-GX0LV9N9N0
Mac
a01841079-LK4T0Y7FP4
Mac
a02038137-Q1J07Y3V07
Mac
a02213466-C2V9D4WYJM
Mac
a02273006-FV4CYP2NJ3
Mac
a02324477-RR73X1VHHP
Mac
a02388352-LQ22WMQLKF
Mac
a02460298-NF236KX9TJ
Mac
a02480849-L4V042QWGK
Mac
cehsadmin's MacBook Pro-C02CK7K4MD6M
Mac
murftastic.local
Mac