Knowledge Article View - Customer Support

Severity: High

Description: SAS^® Document Conversion 15.3 on SAS 9.4M8 (TS1M8) and SAS^® Document Conversion 15.4 on SAS 9.4M9 (TS1M9) contain versions of third-party libraries:

com.github.junrar:junrar
org.bouncycastle:bcprov-jdk18on
org.bouncycastle:bcpkix-jdk18on

These libraries are affected by the following known vulnerabilities:

CVE-2026-41245
CVE-2026-28208
CVE-2026-0636
CVE-2025-14813
CVE-2026-5598
CVE-2026-5588

Potential Impact: See the CVE records for additional information.

SAS® Document Conversion contains third-party libraries with known vulnerabilities