CVE-2026-41653

HIGH

BentoPDF: Stored XSS via Markdown Editor Leading to Persistent File Exfiltration

Title source: cna

Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-41653. PoCs published by adminlove520, Astaruf.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2026-41653, a stored XSS vulnerability in BentoPDF ≤ 2.8.2 that leads to file exfiltration. The PoC includes a Python script to generate a malicious Markdown file and a server to receive exfiltrated data.

Description

BentoPDF is a client-side PDF toolkit that is self hostable. Prior to version 2.8.3, a cross-site scripting vulnerability was identified in BentoPD. An attacker may be able to execute arbitrary JavaScript in certain circumstances in Markdown to PDF Tool. This issue has been patched in version 2.8.3.

Exploits (2)

github WORKING POC 4 stars

by adminlove520 · pythonpoc

https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2026/CVE-2026-41653

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2026-41653, a stored XSS vulnerability in BentoPDF ≤ 2.8.2 that leads to file exfiltration. The PoC includes a Python script to generate a malicious Markdown file and a server to receive exfiltrated data.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Moderate

Reliability

Reliable

Target: BentoPDF ≤ 2.8.2

No auth needed

Prerequisites: Victim must open the malicious Markdown file in BentoPDF's Markdown-to-PDF tool

MITRE ATT&CK

T1059.007 - JavaScript T1189 - Drive-by Compromise

devstral-2 · analyzed May 18, 2026 Full analysis →

github WORKING POC

by Astaruf · pythonpoc

https://github.com/Astaruf/CVE-2026-41653

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2026-41653, demonstrating a stored XSS vulnerability in BentoPDF ≤ 2.8.2 that leads to file exfiltration. The exploit leverages unsanitized HTML injection in the Markdown-to-PDF tool to execute arbitrary JavaScript, enabling silent exfiltration of files processed by the victim.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Moderate

Reliability

Reliable

Target: BentoPDF ≤ 2.8.2

No auth needed

Prerequisites: Victim must open a crafted Markdown file in BentoPDF's Markdown-to-PDF tool

MITRE ATT&CK

T1059.007 - JavaScript T1189 - Drive-by Compromise

devstral-2 · analyzed May 17, 2026 Full analysis →

References (2)

Core 2

Core References

X_Refsource_Confirm x_refsource_confirm

https://github.com/alam00000/bentopdf/security/advisories/GHSA-6vh8-4frx-647f

X_Refsource_Misc x_refsource_misc

https://github.com/alam00000/bentopdf/releases/tag/v2.8.3

Scores

CVSS v4 7.0

EPSS 0.0007

EPSS Percentile 21.2%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

alam00000/bentopdf < 2.8.3

Published May 07, 2026

Tracked Since May 08, 2026