CVE-2026-46529

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-46529 is identified as a command injection vulnerability impacting document viewers such as Evince, Atril, and Xreader. The flaw stems from inadequate quoting of shell-like input within the `ev_spawn()` function in `ev-application.c`. This vulnerability can be exploited through a PDF /GoToR action argv injection, which leverages the `--gtk-module dlopen` mechanism. This allows for the execution of arbitrary code, potentially via a single-click interaction with a specially crafted PDF file.

Description: -

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 7

1/ From all the recent writeups, I pick a few to read carefully and enjoy while drinking 🧉 and eating chipa, the way I did before with every (yes) Bugtraq post. This week: Qualys ptrace LPE, CVE-2026-46333 — no AI Linux PDF RCE, CVE-2026-46529 — human+AI Both are worth re
@julianor
23 May 2026
3378 Impressions
8 Retweets
42 Likes
19 Bookmarks
1 Reply
0 Quotes

References

Sources include official advisories and independent security research.

https://www.cve.org/CVERecord?id=CVE-2026-46529

Overview

AI description

Social media

References