Path Traversal and Arbitrary File Write Vulnerability in PyMuPDF by Artifex Software
CVE-2026-3029

Currently unrated

Key Information:

Vendor

Artifex Software Inc. *pymuPDF*

Status
PymuPDF
Vendor
CVE Published:
19 March 2026

What is CVE-2026-3029?

A path traversal and arbitrary file write vulnerability exists in the embedded get function within 'main.py' in PyMuPDF version 1.26.5. This flaw enables attackers to potentially access sensitive files on the server or write arbitrary files, leading to unauthorized data exposure or system compromise. Users are advised to update to the latest version of PyMuPDF to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

PyMuPDF 1.26.5 < 1.26.7

References

http://github.com/pymupdf/PyMuPDF
http://github.com/pymupdf/PyMuPDF/commit/603cafe38a183b8b...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.