Description

SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary (explorer.exe) located in the same directory as the opened PDF when the user clicks File → “Show in folder”. This behavior leads to arbitrary code execution on the victim’s system with the privileges of the current user, without any warning or user interaction beyond the menu click.

INFO

Published Date :

2026-02-09T21:10:59.964Z

Last Modified :

2026-02-10T15:58:14.407Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-25880 vulnerability.

Vendors Products
Sumatrapdfreader
  • Sumatrapdf
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-25880.

URL Resource
https://github.com/sumatrapdfreader/sumatrapdf/security/advisories/GHSA-5x4h-247q-px37 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact