A path traversal and arbitrary file write vulnerability exist in the embedded get function in '_main_.py' in PyMuPDF version, 1.26.5.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Artifex Software Inc. *PyMuPDF* | PyMuPDF | affected |
|
No data.
No data.
No data.
Project Subscriptions
No data.
Advisories
| Source | ID | Title |
|---|---|---|
 Github GHSA |
GHSA-cxqh-p2w9-fmr7 | PyMuPDF has a path traversal in _main_.py |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Thu, 19 Mar 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Thu, 19 Mar 2026 16:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A path traversal and arbitrary file write vulnerability exist in the embedded get function in '_main_.py' in PyMuPDF version, 1.26.5. | |
| Title | CVE-2026-3029 | |
| References |
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: certcc
Published:
Updated: 2026-03-19T16:21:32.940Z
Reserved: 2026-02-23T14:10:15.439Z
Link: CVE-2026-3029
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-03-19T16:16:04.297
Modified: 2026-03-19T17:16:25.070
Link: CVE-2026-3029
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses
No weakness.