—
PYSEC-2026-1760
Byaidu PDFMathTranslate vulnerable to open redirect
Details
An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradio_api endpoint. This vulnerability could be exploited for phishing attacks or to bypass security filters.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / pdf2zh
No fixed version published yet for pdf2zh (pip). Pin to a known-safe version or switch to an alternative.
References
- https://nvd.nist.gov/vuln/detail/CVE-2025-50736 [ADVISORY]
- https://github.com/Byaidu/PDFMathTranslate [PACKAGE]
- https://github.com/fai1424/Vulnerability-Research/tree/main/CVE-2025-50736 [WEB]
- https://hackmd.io/@fai1424/SJz7ttVWxe [WEB]
- https://pdf2zh.com [WEB]
- https://pypi.org/project/pdf2zh [PACKAGE]
- https://github.com/advisories/GHSA-pfrv-63w8-q7rq [ADVISORY]