CVE-2026-25755
HIGH 8.1
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the `addJS` method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious actions or alter the document structure, impacting any user who opens the generated PDF. The vulnerability has been fixed in jspdf@4.2.0. As a workaround, escape parentheses in user-provided JavaScript code before passing it to the `addJS` method.
Affected Applications in Environment: 13
Parallels Desktop v20.1.2 (55742): 1 device
Parallels Desktop v26.2.0 (57363): 1 device
Parallels Desktop v20.0.0 (55653): 1 device
Parallels Desktop v26.3.0 (57392): 2 devices
Parallels Desktop v26.3.0 (57363): 1 device
Parallels Desktop v26.2.2 (57373): 5 devices
Parallels Desktop v1.20.4 (23908): 2 devices
Parallels Desktop v26.2.2 (57293): 1 device
Parallels Desktop v1.26.2 (23919): 1 device
Parallels Desktop v26.1.2 (57293): 2 devices
Parallels Desktop v26.3.0 (57373): 1 device
Parallels Desktop v18.3.4 (53630): 2 devices
Parallels Desktop v20.2.2 (55879): 1 device
Affected Devices: 17
Barbara-Wilkinsons-iMac-27.local (Mac)
EOP-MBP-3.local (Mac)
F-16 (Mac)
a00017110-J7TV3C9HW5 (Mac)
a00596491-HK02DWTXXR (Mac)
a00983376-G09J49PM70 (Mac)
a01662531-GX0LV9N9N0 (Mac)
a01841079-LK4T0Y7FP4 (Mac)
a02038137-Q1J07Y3V07 (Mac)
a02213466-C2V9D4WYJM (Mac)
a02273006-FV4CYP2NJ3 (Mac)
a02324477-RR73X1VHHP (Mac)
a02388352-LQ22WMQLKF (Mac)
a02460298-NF236KX9TJ (Mac)
a02480849-L4V042QWGK (Mac)
cehsadmin's MacBook Pro-C02CK7K4MD6M (Mac)
murftastic.local (Mac)