A critical remote code execution (RCE) vulnerability (CVE-2026-46529) has been discovered in popular Linux PDF viewers XReader, Evince, and Atril, which share the same codebase. The vulnerability, present for over a decade, was identified through AI-assisted code review after traditional fuzzing methods proved unsuccessful. The flaw exists in the application wrappers and could allow attackers to execute arbitrary code on affected systems.
Background
Evince is a popular PDF reader for the GNOME desktop environment, while Atril is its counterpart for the MATE desktop, commonly used in Linux distributions like Ubuntu and Linux Mint. These applications share the XReader codebase and are widely deployed across Linux systems.
- Source: Lobsters
- Published: May 23, 2026 at 06:14 AM
- Score: 8.0 / 10