VYPR
High severity · 8.4 · NVD Advisory · Published Jun 17, 2026 · Updated Jun 17, 2026

CVE-2025-26240

Description

In JazzCore python-pdfkit 1.0.0, the from_string method enables the execution of JavaScript code within the context of the server application and the exfiltration of local files.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products (1)

Patches

Vulnerability mechanics

Root cause

"Insufficient validation of user-supplied HTML meta tags allows injection of arbitrary wkhtmltopdf command-line arguments, enabling local file exfiltration and JavaScript execution."

Attack vector

An attacker provides crafted HTML input to the `from_string` method containing meta tags with names starting with `pdfkit-`. The library parses these meta tags and passes their values as command-line arguments to `wkhtmltopdf`. By injecting arguments such as `--post-file` and `--enable-local-file-access`, the attacker can read arbitrary local files (e.g., `/etc/passwd`) and exfiltrate them via a POST request to an attacker-controlled server. The `--script` argument can also be used to execute arbitrary JavaScript, enabling Server-Side Request Forgery (SSRF) against internal services. [ref_id=1] [ref_id=2]

Affected code

The vulnerability resides in the `from_string` method of `pdfkit/pdfkit.py`. The `_find_options_in_meta` method parses user-supplied HTML meta tags whose names start with `pdfkit-` and treats their values as command-line arguments for `wkhtmltopdf`. The `_normalize_options` method only checks that the key contains two dashes, allowing an attacker to inject arbitrary `wkhtmltopdf` arguments such as `--post-file`, `--enable-local-file-access`, and `--script`. Additionally, Python's `OrderedDict.update` preserves key order, so attacker-set options can override developer-enforced security options like `--disable-javascript` or `--disable-local-file-access`.

What the fix does

The advisory does not provide a patch diff. The recommended remediation is for developers to avoid relying on the `options` dictionary to enforce security constraints, because Python's `OrderedDict.update` allows attacker-controlled meta tags to override developer-set options. The suggested solution is to explicitly sanitize or reject dangerous `wkhtmltopdf` arguments (e.g., `--post-file`, `--enable-local-file-access`, `--script`) before passing them to the subprocess, or to disable the parsing of `pdfkit-` meta tags entirely when processing untrusted HTML input. [ref_id=2]
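As an added example, not code from python-pdfkit or from the advisory: a small defensive filter that runs before untrusted HTML reaches `from_string`. It enumerates every `<meta>` tag whose `name` starts with `pdfkit-`, and either rejects the document outright (fail closed) or strips those tags so that option selection stays entirely with the developer's own `options` dictionary. The function names, the `render_untrusted` helper and the sample HTML are constructed for this illustration.

```python
"""Defensive pre-filter for HTML handed to python-pdfkit's from_string.

Added example (not part of python-pdfkit): detect, strip, or reject
<meta name="pdfkit-..."> tags so untrusted HTML cannot smuggle
wkhtmltopdf command-line options past the developer's own settings.
"""
from html.parser import HTMLParser

# pdfkit treats meta tags whose name starts with this prefix as options.
META_PREFIX = "pdfkit-"


class _PdfkitMetaScanner(HTMLParser):
    """Collect every <meta> start tag whose name attribute starts with 'pdfkit-'."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []  # (name, content, raw start-tag text)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values keep their case,
        # so compare the name value case-insensitively.
        if tag != "meta":
            return
        attr = {k: (v or "") for k, v in attrs}
        name = attr.get("name", "")
        if name.lower().startswith(META_PREFIX):
            self.hits.append((name, attr.get("content", ""), self.get_starttag_text()))
    # Self-closing <meta ... /> reaches handle_starttag via handle_startendtag.


def find_pdfkit_meta(html: str):
    """Return [(name, content), ...] for every pdfkit-* meta tag in the document."""
    scanner = _PdfkitMetaScanner()
    scanner.feed(html)
    scanner.close()
    return [(name, content) for name, content, _ in scanner.hits]


def strip_pdfkit_meta(html: str) -> str:
    """Remove every pdfkit-* meta tag, leaving the rest of the markup untouched."""
    scanner = _PdfkitMetaScanner()
    scanner.feed(html)
    scanner.close()
    # Hits are recorded in document order, so removing the first remaining
    # occurrence of each raw tag text deletes exactly the tags that were found.
    for _, _, raw in scanner.hits:
        html = html.replace(raw, "", 1)
    return html


def render_untrusted(html: str, options=None):
    """Fail closed: refuse untrusted HTML that carries any pdfkit-* meta tag.

    Returns (html, options) ready for pdfkit.from_string. The caller supplies
    `options`, so nothing inside the HTML can add to or override them.
    """
    hits = find_pdfkit_meta(html)
    if hits:
        names = ", ".join(name for name, _ in hits)
        raise ValueError(f"untrusted HTML attempted to set pdfkit options: {names}")
    return html, dict(options or {})


# Constructed sample input for this example (not taken from the advisory).
SAMPLE_UNTRUSTED = (
    "<html><head>"
    '<meta charset="utf-8">'
    '<meta name="pdfkit-page-size" content="A4">'
    "<title>Invoice</title></head>"
    "<body><p>Hello</p></body></html>"
)

if __name__ == "__main__":
    print("found:", find_pdfkit_meta(SAMPLE_UNTRUSTED))
    print("stripped:", strip_pdfkit_meta(SAMPLE_UNTRUSTED))
    try:
        render_untrusted(SAMPLE_UNTRUSTED)
    except ValueError as exc:
        print("rejected:", exc)
```

Rejecting is the safer default for content that should never carry rendering options (user-submitted invoices, messages, profile text); stripping is the pragmatic choice when the HTML is produced by a trusted template that merely embeds untrusted fragments. In both cases the `options` dictionary is built by the application and passed alongside the cleaned HTML, which is the ordering the advisory's remediation advice calls for.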

Preconditions

  • Input: The application must call pdfkit's `from_string` method with user-controlled HTML content.
  • Config: The `wkhtmltopdf` binary must be installed and accessible.

Generated on Jun 18, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References (4)
