SB2026070111 - IBM Watson Discovery Cartridge update for pypdf



SB2026070111 - IBM Watson Discovery Cartridge update for pypdf

Published: July 1, 2026

Security Bulletin ID SB2026070111
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2026-31826)

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to allocation of resources without limits or throttling in the content stream parser when parsing a PDF content stream with a manipulated /Length value. A remote attacker can craft a PDF with a large /Length value to cause a denial of service.

This issue primarily affects cases where the library reads from buffers of unknown size, such as file objects opened in binary mode.


Remediation

Install update from vendor's website.