CVE-2023-52076

HIGH EXPLOITED

Atril Document Viewer <1.26.2 - Path Traversal

Title source: llm

Exploitation Summary

CVE-2023-52076 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit.

AI-analyzed exploit summary This repository contains functional exploit scripts for CVE-2023-52076, a directory traversal vulnerability in Atril/Xreader document viewers. The exploit leverages EPUB file parsing to achieve arbitrary file write and RCE via crafted .desktop entries or SSH authorized_keys.

Description

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn't stop an attacker from achieving Remote Command Execution on the target system. Version 1.26.2 of Atril contains a patch for this vulnerability.

Exploits (1)

vulncheck_xdb WORKING POC

client-side

https://github.com/febinrev/slippy-book-exploit

View Code ZIP pw:eip

This repository contains functional exploit scripts for CVE-2023-52076, a directory traversal vulnerability in Atril/Xreader document viewers. The exploit leverages EPUB file parsing to achieve arbitrary file write and RCE via crafted .desktop entries or SSH authorized_keys.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Atril Document Viewer, Xreader Document Viewer (MATE, Linux Mint)

No auth needed

Prerequisites: crafted EPUB file · user interaction to open the file

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 25, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Vendor Advisory x_refsource_confirm

https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37

Patch x_refsource_misc

https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50

View Patch ZIP pw:eip

Release Notes x_refsource_misc

https://github.com/mate-desktop/atril/releases/tag/v1.26.2

Mailing List

https://lists.debian.org/debian-lts-announce/2024/06/msg00003.html

Scores

CVSS v3 8.5

EPSS 0.1371

EPSS Percentile 94.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

VulnCheck KEV 2025-12-08

CWE

CWE-22 CWE-25 CWE-27 CWE-24

Status published

Products (1)

mate-desktop/atril < 1.26.2

Published Jan 25, 2024

Tracked Since Feb 18, 2026