VDB
KO

PYSEC-2026-1760

Byaidu PDFMathTranslate vulnerable to open redirect

Details

An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradio_api endpoint. This vulnerability could be exploited for phishing attacks or to bypass security filters.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / pdf2zh

No fixed version published yet for pdf2zh (pip). Pin to a known-safe version or switch to an alternative.

References