CVE-2026-49452

unknown
Published 2026-07-06 Β· Modified 2026-07-06
CVSS v3
β€”
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS v4 NEW
β€”
not yet in upstream
VIR risk
β€”

Description

WeasyPrint has CSS Injection via Presentational Hints

Predictions

Exploit likelihood
30%
Patch ETA
β€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Debian Security Tracker Β· View original β†— Β· DFSG

CVE-2026-49452 NameCVE-2026-49452 SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) Vulnerable and fixed packages The table below lists information on source packages. Source PackageReleaseVersionStatus weasyprint (PTS)bullseye51-2vulnerable bookworm57.2-1vulnerable…

CVE-2026-49452

NameCVE-2026-49452
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
weasyprint (PTS)bullseye51-2vulnerable
bookworm57.2-1vulnerable
trixie62.3-1vulnerable
forky67.0-1vulnerable
sid69.0-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
weasyprintsource(unstable)69.0-1

Notes

[trixie] - weasyprint <no-dsa> (Minor issue)
https://www.courtbouillon.org/blog/00067-weasyprint-69/
https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-jhhc-3hcp-qhm5

Home - Debian Security - Source (Git)

Apply commands

text fix
Notes
[trixie] - weasyprint <no-dsa> (Minor issue)https://www.courtbouillon.org/blog/00067-weasyprint-69/https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-jhhc-3hcp-qhm5

OS impact

debian Debian Mixed 5 releases
VersionStatusFixed in
trixie Affected β€”
sid Fixed 69.0-1
forky Fixed 69.0-1
bullseye Affected β€”
bookworm Affected β€”

Package impact

EcosystemPackageVulnerableFixed
python PyPIweasyprint<=68.1

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.