Cyber Posture

CVE-2026-27628

High

Published: 25 February 2026

Modified: 27 February 2026
KEV Added:
Patch:
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0006 (17.2nd percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-27628 is a high-severity Infinite Loop (CWE-835) vulnerability in Pypdf Project Pypdf. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 17.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004).

Threat & Defense Details

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-835

Enables transfer to alternate site if an infinite loop at the primary renders processing unavailable.

addresses: CWE-835

Detects and mitigates infinite loops that produce sustained resource consumption.

MITRE ATT&CK Enterprise Techniques (AI)

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Infinite loop in PDF parsing library directly enables application exploitation resulting in endpoint DoS via resource exhaustion.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually.

Deeper analysis (AI)

CVE-2026-27628 is a denial-of-service vulnerability in pypdf, a free and open-source pure-python PDF library. Versions prior to 6.7.2 are affected, where processing a specially crafted PDF file triggers an infinite loop (CWE-835: Loop with Unreachable Exit Condition). The issue has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), reflecting high availability impact with no requirements for privileges or user interaction.

A remote attacker can exploit this vulnerability by crafting a malicious PDF file and inducing a victim to process it using a vulnerable pypdf installation, such as in a PDF parsing application or service. This leads to an infinite loop during file reading, causing resource exhaustion and denial of service on the affected system or process.

The vulnerability has been fixed in pypdf version 6.7.2. As a workaround, users can manually apply the patch from the referenced commit. Official advisories and discussions are available in the pypdf GitHub security advisory (GHSA-2rw7-x74f-jg35) and related issues.
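The control listed above, "detects and mitigates infinite loops that produce sustained resource consumption", is something a service that parses untrusted PDFs can enforce itself while the upgrade to 6.7.2 is rolled out. The following is an added example, not code from pypdf or from this advisory: it runs the parse in a disposable child process under a wall-clock budget and a hard CPU rlimit, so a parser stuck in a CWE-835 loop becomes a failed job instead of a hung worker, and it includes a version check against the fixed release named on this page. It assumes Linux or macOS (the `fork` start method and `RLIMIT_CPU`); the two parser functions and the sample PDF bytes are constructed stand-ins, not pypdf.

```python
"""Bound the time an untrusted-PDF parse may consume, so an infinite loop in the
parser (CWE-835) degrades to a failed job rather than a hung service.
Added example, not pypdf's or Cyber Posture's code. Assumes Linux/macOS
(fork start method, RLIMIT_CPU); the parser functions below are constructed
stand-ins, not pypdf."""
import multiprocessing as mp
import resource

FIXED_VERSION = (6, 7, 2)  # from the advisory: fixed in pypdf 6.7.2


def pypdf_version_is_fixed(version):
    """True if an installed pypdf version string is at or above 6.7.2."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    return parts >= FIXED_VERSION


def _worker(parse_fn, data, cpu_seconds, conn):
    # Hard CPU cap inside the child: the kernel delivers SIGXCPU and terminates
    # the process when it is exceeded, so even a tight loop cannot outlive it.
    resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds))
    try:
        conn.send(("ok", parse_fn(data)))
    except Exception as exc:
        conn.send(("error", repr(exc)))
    finally:
        conn.close()


def parse_bounded(parse_fn, data, wall_seconds=5.0, cpu_seconds=None):
    """Run parse_fn(data) in a disposable child process.
    Returns ("ok", result), ("error", message), ("timeout", None) when the
    wall-clock budget is exceeded, or ("killed", exitcode) when the CPU
    rlimit ended the child first."""
    if cpu_seconds is None:
        cpu_seconds = int(wall_seconds) + 1
    ctx = mp.get_context("fork")
    parent_end, child_end = ctx.Pipe(duplex=False)
    proc = ctx.Process(target=_worker,
                       args=(parse_fn, data, cpu_seconds, child_end),
                       daemon=True)
    proc.start()
    child_end.close()  # parent keeps only the receiving end
    proc.join(wall_seconds)
    if proc.is_alive():
        proc.kill()  # SIGKILL: a looping parser gets no chance to ignore it
        proc.join()
        return ("timeout", None)
    if parent_end.poll():
        return parent_end.recv()
    return ("killed", proc.exitcode)


# --- constructed stand-ins for a PDF reader (not pypdf) ---
SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj << /Type /Page >> endobj\n"
              b"2 0 obj << /Type /Page >> endobj\n%%EOF")


def benign_parse(data):
    """Well-behaved stand-in: counts page objects in the constructed sample."""
    return {"pages": data.count(b"/Type /Page")}


def looping_parse(data):
    """Stand-in for a parser stuck in a loop with no reachable exit (CWE-835)."""
    while True:
        pass


if __name__ == "__main__":
    print(pypdf_version_is_fixed("6.7.1"), pypdf_version_is_fixed("6.7.2"))
    print(parse_bounded(benign_parse, SAMPLE_PDF))
    print(parse_bounded(looping_parse, SAMPLE_PDF, wall_seconds=0.5))
```

In a real service the stand-in would be replaced by a function that opens the bytes with the PDF library and returns only the extracted data, never a live reader object, since the child is discarded. The wall-clock timeout is what catches the infinite loop; the CPU rlimit is a second line of defence in case the parent itself is stalled. A `("timeout", None)` result is the detection signal worth alerting on: it should be rare for legitimate documents, so a burst of them from one source is a useful indicator.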

Details

CWE(s)

Affected Products

pypdf project
pypdf
≤ 6.7.2

CVEs Like This One

CVE-2026-33699 (same product: Pypdf Project Pypdf)
CVE-2026-27888 (same product: Pypdf Project Pypdf)
CVE-2026-2219 (shared CWE-835)
CVE-2026-32287 (shared CWE-835)
CVE-2026-31448 (shared CWE-835)
CVE-2026-21507 (shared CWE-835)
CVE-2026-26283 (shared CWE-835)
CVE-2025-64438 (shared CWE-835)
CVE-2026-33013 (shared CWE-835)
CVE-2026-35406 (shared CWE-835)

References