A vulnerability marked as critical has been reported in parallax jsPDF up to 4.2.0 . This impacts the function createAnnotation of the component API . This manipulation of the argument Color causes escaping of output. This vulnerability is handled as CVE-2026-31898 . The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.