jsPDF has a PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" pr

Severity:: High

Description

User control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions.

If given the possibility to pass unsanitized input to the following property, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim hovers over the radio option.

Recommendation

Update the jspdf package to the latest compatible version. Followings are version details:

Affected version(s): < 4.2.0
Patched version(s): 4.2.0

References

GHSA-p5xg-68wr-hm3m
CVE-2026-25940
CWE-116
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

jsPDF has PDF Injection in AcroFormChoiceField that allows Arbitrary JavaScript Execution - CVE-2026-24737
jsPDF has a PDF Object Injection via Unsanitized Input in addJS Method - CVE-2026-25755
jsPDF has a PDF Object Injection via FreeText color - CVE-2026-31898
jsPDF has HTML Injection in New Window paths - CVE-2026-31938

Tags:: npm; jspdf

Anything's wrong? Let us know Last updated on March 11, 2026