Description

PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.1, check_shared_access_allowed() validates only session existence — it does not check SharedPdf.inactive (expiration / max views) or SharedPdf.deleted. The Serve and Download endpoints rely solely on this function, allowing previously-authorized users to access shared PDF content after expiration, view limit, or soft-deletion. This issue has been patched in version 1.7.1.

INFO

Published Date :

2026-03-31T20:27:50.597Z

Last Modified :

2026-03-31T20:27:50.597Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-34586 vulnerability.

Vendors Products
Mrmn2
  • Pdfding
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34586.

URL Resource
https://github.com/mrmn2/PdfDing/commit/a6783b259b25c839c52c6f2380333827a52e89eb cve-icon cve-icon
https://github.com/mrmn2/PdfDing/releases/tag/v1.7.1 cve-icon cve-icon
https://github.com/mrmn2/PdfDing/security/advisories/GHSA-vfqx-2464-38wf cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact