SumatraPDF has an Untrusted Search Path in sumatrapdf/src/AppTools.cpp_CVE-2026-23512

8.6 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Description

SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is a Untrusted Search Path vulnerability when Advanced Options setting is trigger. The application executes notepad.exe without specifying an absolute path when using the Advanced Options setting. On Windows, this allows execution of a malicious notepad.exe placed in the application's installation directory, leading to arbitrary code execution.

AI Analysis

Untrusted Search Path vulnerability in SumatraPDF, allowing arbitrary code execution

Basic Information

ID CVE-2026-23512

Source GitHub_M

Published Jan 14, 2026 at 20:31

Modified Jan 14, 2026 at 21:04

Affected Product

Vendor sumatrapdfreader

Product sumatrapdf

Version <= 3.5.2

Affected Versions sumatrapdfreader sumatrapdf <= 3.5.2

CWE Classification

CWE-426

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor SumatraPDF

Product SumatraPDF

Version 3.5.2 and earlier

References

{
    "lastseen": "",
    "description": "SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is a Untrusted Search Path vulnerability when Advanced Options setting is trigger. The application executes notepad.exe without specifying an absolute path when using the Advanced Options setting. On Windows, this allows execution of a malicious notepad.exe placed in the application's installation directory, leading to arbitrary code execution.",
    "published": "2026-01-14T20:31:08.724Z",
    "modified": "2026-01-14T21:04:47.478Z",
    "type": "cve",
    "title": "SumatraPDF has an Untrusted Search Path in sumatrapdf/src/AppTools.cpp",
    "source": "GitHub_M",
    "references": "https://github.com/sumatrapdfreader/sumatrapdf/security/advisories/GHSA-rqg5-gj63-x4mv\nhttps://github.com/sumatrapdfreader/sumatrapdf/commit/2762e02a8cd7cb779c934a44257aac56ab7de673",
    "id": "CVE-2026-23512",
    "bulletinFamily": "",
    "cwe": [
        "CWE-426"
    ],
    "cvelist": null,
    "sourceData": "sumatrapdfreader sumatrapdf <= 3.5.2",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "sumatrapdf",
    "version": "<= 3.5.2",
    "vendor": "sumatrapdfreader",
    "ai_description": "Untrusted Search Path vulnerability in SumatraPDF, allowing arbitrary code execution",
    "ai_severity": "High",
    "ai_vendor": "SumatraPDF",
    "ai_product": "SumatraPDF",
    "ai_version": "3.5.2 and earlier",
    "ai_score": 8.6
}