CVE-2026-46529 is an argument injection vulnerability in Evince, Atril, and Xreader caused by missing shell quoting when composing a command line. The reporter, João Medeiros, has published a GitHub repo for the CVE and a blog post with the story of how he discovered the flaw and developed the exploit. He also created an Atril […]
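The bug class named above (a file name pasted unquoted into a command-line string that is later split back into arguments), as an added example that is not code from Evince, Atril, Xreader or the reporter's repo. The program name `viewer`, the flag `--preview`, the sample file names and the use of Python's `shlex` as the shell-style parser are all assumptions made for illustration.

```python
import shlex

# Hypothetical fixed part of the command line (not the real one).
TEMPLATE_ARGV = ["viewer", "--preview"]


def compose_unquoted(path):
    # Vulnerable pattern: the file name is pasted into the string as-is,
    # so spaces and quote characters in it are seen by the parser.
    return " ".join(TEMPLATE_ARGV) + " " + path


def compose_quoted(path):
    # Hardened pattern: quote the name so it stays a single word, and put
    # "--" first so a name starting with "-" is not read as an option
    # (assumes the launched program honours the "--" convention).
    return " ".join(TEMPLATE_ARGV) + " -- " + shlex.quote(path)


def parse(cmdline):
    # Stand-in for the shell-style parser that turns the string into argv.
    return shlex.split(cmdline)


def path_survives(path, composer):
    """True if the file name arrives as exactly one argv word, nothing extra."""
    try:
        argv = parse(composer(path))
    except ValueError:
        # Unbalanced quote in the name broke parsing of the whole line.
        return False
    extra = argv[len(TEMPLATE_ARGV):]
    if extra and extra[0] == "--":
        extra = extra[1:]
    return extra == [path]


# Constructed sample file names.
SAMPLES = [
    "report.pdf",
    "my report.pdf",
    "a.pdf --constructed-option=value",
    "it's.pdf",
    "-x.pdf",
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(repr(name),
              "unquoted ok:", path_survives(name, compose_unquoted),
              "quoted ok:", path_survives(name, compose_quoted))
```

With the unquoted composer, the third sample reaches the program as two arguments, the second of which looks like an option. Passing an argv array straight to the process-spawning API, with no intermediate string, avoids the quoting step altogether.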
Glad it was reported properly. Imo this is just as bad as copy fail, as it affects mostly regular desktop users.
I have helped plenty of not-very-technical people switch to Linux and these kinds of vulnerabilities scare me the most when it comes to them.