A vulnerability was found in Evince and classified as critical . The impacted element is the function ev_spawn of the file ev-application.c . Executing a manipulation can lead to command injection. This vulnerability is tracked as CVE-2026-46529 . The attack can be launched remotely. No exploit exists. Applying a patch is advised to resolve this issue.