30 May 2026
Reference: CVE-2022-28368
1. What is being reported?
The vulnerability affects Dompdf version 1.2.1, where attackers can abuse the feature that loads fonts referenced by a web page. By supplying a specially crafted file, an attacker can run commands remotely on the server that uses Dompdf to render the page.
2. What this means in plain English
If your website or system uses Dompdf, this flaw could let attackers take control, steal data, or disrupt your services. This is a high-risk issue because it allows remote code execution, meaning the attacker does not need physical access to your systems.
3. Could this affect a small business?
Small businesses using Dompdf directly or through common platforms like WordPress plugins, Citrix, RDP, or Linux-based systems may be vulnerable. Those not using Dompdf or related software are unlikely to be affected.
4. What to do now
- Check if your website or systems use Dompdf, especially version 1.2.1.
- Ask your IT provider or software supplier if they have applied the latest security updates or patches for Dompdf.
- If you use WordPress or other platforms that might include Dompdf, ensure all plugins and software are fully updated.
- Monitor your systems for unusual activity and review access logs for any signs of compromise.
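One way to carry out the first step, as an added example that is not part of this advisory: a small Python script that reads a Composer lock file (composer.lock, the file PHP projects use to record installed packages) and reports whether dompdf/dompdf is present at a version that needs attention. It assumes Dompdf was installed through Composer under its package name dompdf/dompdf; the sample lock content is constructed, and treating versions older than 1.2.1 as needing review is the script's own assumption, since the advisory names only 1.2.1.

```python
"""Locate dompdf/dompdf in a composer.lock and compare it with the advisory version."""
import json
import re
import sys

REPORTED_VULNERABLE = "1.2.1"   # version named in the advisory (CVE-2022-28368)
PACKAGE = "dompdf/dompdf"       # Composer package name of Dompdf (assumed install method)

# Constructed sample composer.lock content, used when no file path is given.
SAMPLE_LOCK = json.dumps({
    "packages": [{"name": "dompdf/dompdf", "version": "v1.2.1"}],
    "packages-dev": [],
})

def parse_version(ver):
    """Turn '1.2.1' or 'v1.2.1' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", ver)
    if not m:
        raise ValueError(f"unrecognised version string: {ver!r}")
    return tuple(int(x) for x in m.groups())

def find_dompdf_version(lock_text):
    """Return the installed dompdf/dompdf version from composer.lock JSON, or None."""
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name") == PACKAGE:
                return pkg.get("version")
    return None

def assess(version):
    """Classify an installed version. Assumption: anything not newer than 1.2.1
    is flagged for review; the advisory itself names only 1.2.1."""
    if version is None:
        return "not-installed"
    if parse_version(version) <= parse_version(REPORTED_VULNERABLE):
        return "review-required"
    return "newer-than-reported"

if __name__ == "__main__":
    # Usage: python check_dompdf.py [path/to/composer.lock]; without a path the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOCK
    found = find_dompdf_version(text)
    print(f"dompdf/dompdf: {found or 'not found'} -> {assess(found)}")
```

Software that bundles Dompdf without Composer (for example some WordPress plugins) will not have this file; in that case ask the supplier which Dompdf version they ship.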
5. Ask your IT provider
Can you confirm if our systems use Dompdf version 1.2.1 or similar, and have the necessary security patches been applied to prevent remote code execution attacks?
6. Bottom line
If you use Dompdf, update it now to stop hackers from taking control of your website or systems.
Information based on CISA KEV, NVD, and reputable security reporting including Rapid7.