A vulnerability was found in Atril . It has been classified as critical . This affects the function ev_spawn of the file ev-application.c . The manipulation leads to command injection. This vulnerability is listed as CVE-2026-46529 . The attack may be initiated remotely. There is no available exploit. It is suggested to install a patch to address this issue.