CVE-2026-40505
Analyzed Analyzed - Analysis Complete
ANSI Escape Injection in MuPDF mutool Metadata Enables Terminal Spoofing

Publication date: 2026-04-16

Last updated on: 2026-05-26

Assigner: VulnCheck

Description
MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running mutool info, enabling them to manipulate terminal display for social engineering attacks such as presenting fake prompts or spoofed commands.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-16
Last Modified
2026-05-26
Generated
2026-06-16
AI Q&A
2026-04-16
EPSS Evaluated
2026-06-14
NVD
CVE-2026-40505
EUVD
EUVD-2026-23147
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
artifex mupdf to 1.27.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-150 The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-40505 is a vulnerability in MuPDF's mutool where PDF metadata fields are not sanitized before being output to the terminal.

Attackers can embed malicious ANSI escape sequences in crafted PDF metadata. When the mutool info command is run on such a PDF, these escape codes are executed in the terminal.

This allows attackers to manipulate the terminal display by clearing it and rendering arbitrary text, which can be used for social engineering attacks such as showing fake prompts or spoofed commands.

Impact Analysis

This vulnerability can impact you by allowing attackers to manipulate your terminal display when you run mutool info on a crafted PDF.

Specifically, attackers can clear your terminal screen and display arbitrary text, potentially tricking you into executing malicious commands or revealing sensitive information through social engineering.

The impact is limited to integrity issues due to terminal manipulation, with no direct impact on confidentiality or availability.

Detection Guidance

This vulnerability can be detected by examining PDF files for malicious ANSI escape sequences embedded in their metadata fields. Running the vulnerable mutool info command on a crafted PDF file will trigger the ANSI escape sequences if present.

A practical detection method is to run the following command on suspect PDF files:

  • mutool info <filename.pdf>

If the terminal display is unexpectedly cleared or arbitrary text appears, this indicates the presence of malicious ANSI escape sequences in the PDF metadata, confirming the vulnerability.

Mitigation Strategies

To mitigate this vulnerability, immediately update MuPDF to a version that includes the patch addressing this issue (post commit 0f17d78).

Until the update is applied, avoid running mutool info on untrusted or suspicious PDF files to prevent execution of malicious ANSI escape sequences.

Additionally, consider running mutool in an environment that does not interpret ANSI escape sequences or redirecting output to a file rather than the terminal.

Compliance Impact

This vulnerability allows attackers to inject arbitrary ANSI escape sequences into terminal output via unsanitized PDF metadata, enabling social engineering attacks such as fake prompts or spoofed commands.

However, the vulnerability does not impact confidentiality or availability, and only causes limited integrity issues through terminal manipulation.

There is no direct information indicating that this vulnerability affects compliance with common standards and regulations like GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40505. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart