Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    98 vulnerabilities found for Foxit PDF Reader by Foxit Software Inc.

    CVE-2026-57260 (GCVE-0-2026-57260)

    Vulnerability from nvd – Published: 2026-07-08 07:35 – Updated: 2026-07-08 12:47
    VLAI
    Title
    Security vulnerability in Foxit PDF Editor/Reader — U3D Adobe Mesh Decompression (Type Confusion / Invalid Pointer Dereference)
    Summary
    The application opened a PDF file containing an abnormal Unity 3D object. During parsing, the application incorrectly resolved a portion of the abnormal object as a pointer and used it as a valid address, ultimately causing the application to crash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Affected: Versions 13.2.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.3 and earlier
    Affected: Versions 13.2.3 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    Liang Zhu
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57260",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T12:47:25.274989Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T12:47:34.866Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MacOS"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.3 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.3 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Liang Zhu"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The application opened a PDF file containing an abnormal Unity 3D object. During parsing, the application incorrectly resolved a portion of the abnormal object as a pointer and used it as a valid address, ultimately causing the application to crash."
                }
              ],
              "value": "The application opened a PDF file containing an abnormal Unity 3D object. During parsing, the application incorrectly resolved a portion of the abnormal object as a pointer and used it as a valid address, ultimately causing the application to crash."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:35:55.012Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Security vulnerability in Foxit PDF Editor/Reader \u2014 U3D Adobe Mesh Decompression (Type Confusion / Invalid Pointer Dereference)",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-57260",
        "datePublished": "2026-07-08T07:35:55.012Z",
        "dateReserved": "2026-06-24T03:01:24.249Z",
        "dateUpdated": "2026-07-08T12:47:34.866Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57259 (GCVE-0-2026-57259)

    Vulnerability from nvd – Published: 2026-07-08 07:36 – Updated: 2026-07-08 13:15
    VLAI
    Title
    Foxit PDF Editor/Reader XDP XFA XXE arbitrary local file read
    Summary
    The input file does not need to be strictly in a structurally valid PDF format. Instead, after reviewing the content, the original document disguised as a PDF will be sent to the parser. Malicious documents will construct malicious external entities that, through the protocol, point to local paths, thereby allowing access to any local files within the user's permission range.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference (CWE-611)
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Affected: Versions 13.2.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    Trung Nguyen (@everping) of CyStack
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57259",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T13:15:36.665436Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T13:15:43.861Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Trung Nguyen (@everping) of CyStack"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The input file does not need to be strictly in a structurally valid PDF format. Instead, after reviewing the content, the original document disguised as a PDF will be sent to the parser. Malicious documents will construct malicious external entities that, through the protocol, point to local paths, thereby allowing access to any local files within the user\u0027s permission range."
                }
              ],
              "value": "The input file does not need to be strictly in a structurally valid PDF format. Instead, after reviewing the content, the original document disguised as a PDF will be sent to the parser. Malicious documents will construct malicious external entities that, through the protocol, point to local paths, thereby allowing access to any local files within the user\u0027s permission range."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information Disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "Improper Restriction of XML External Entity Reference (CWE-611)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:36:07.818Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Foxit PDF Editor/Reader XDP XFA XXE arbitrary local file read",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-57259",
        "datePublished": "2026-07-08T07:36:07.818Z",
        "dateReserved": "2026-06-24T03:01:24.249Z",
        "dateUpdated": "2026-07-08T13:15:43.861Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57258 (GCVE-0-2026-57258)

    Vulnerability from nvd – Published: 2026-07-08 07:35 – Updated: 2026-07-08 12:40
    VLAI
    Title
    Foxit PDF Editor/Reader Crash via Malformed PRC 3D Stream
    Summary
    The PRC file header parsing logic trusts the constructed file structure description information, assumes that the underlying array contains elements and reads them, leading to out-of-bounds reads and application crashes.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Affected: Versions 13.2.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.3 and earlier
    Affected: Versions 13.2.3 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    Roddy Chow
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57258",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T12:40:05.161002Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T12:40:12.497Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MacOS"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.3 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.3 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Roddy Chow"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The PRC file header parsing logic trusts the constructed file structure description information, assumes that the underlying array contains elements and reads them, leading to out-of-bounds reads and application crashes."
                }
              ],
              "value": "The PRC file header parsing logic trusts the constructed file structure description information, assumes that the underlying array contains elements and reads them, leading to out-of-bounds reads and application crashes."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information Disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:35:56.660Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Foxit PDF Editor/Reader Crash via Malformed PRC 3D Stream",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-57258",
        "datePublished": "2026-07-08T07:35:56.660Z",
        "dateReserved": "2026-06-24T03:01:24.249Z",
        "dateUpdated": "2026-07-08T12:40:12.497Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57257 (GCVE-0-2026-57257)

    Vulnerability from nvd – Published: 2026-07-08 07:35 – Updated: 2026-07-08 12:39
    VLAI
    Title
    Security vulnerability in Foxit PDF Editor/Reader — PRC 3D BRep Renderer Heap OOB Read
    Summary
    During the PRC parsing stage, there is a lack of boundary verification for the PRC entity index, which leads to an out-of-bounds read of the entity array. As a result, the application crashes.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Affected: Versions 13.2.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.3 and earlier
    Affected: Versions 13.2.3 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    Liang Zhu
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57257",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T12:39:26.124565Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T12:39:33.187Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MacOS"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.3 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.3 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Liang Zhu"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "During the PRC parsing stage, there is a lack of boundary verification for the PRC entity index, which leads to an out-of-bounds read of the entity array. As a result, the application crashes."
                }
              ],
              "value": "During the PRC parsing stage, there is a lack of boundary verification for the PRC entity index, which leads to an out-of-bounds read of the entity array. As a result, the application crashes."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information Disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:35:58.222Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Security vulnerability in Foxit PDF Editor/Reader \u2014 PRC 3D BRep Renderer Heap OOB Read",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-57257",
        "datePublished": "2026-07-08T07:35:58.222Z",
        "dateReserved": "2026-06-24T03:01:24.249Z",
        "dateUpdated": "2026-07-08T12:39:33.187Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57256 (GCVE-0-2026-57256)

    Vulnerability from nvd – Published: 2026-07-08 07:35 – Updated: 2026-07-08 12:38
    VLAI
    Title
    Foxit Editor/Reader List Box Format Use-After-Free Vulnerability
    Summary
    When the application opens a PDF and executes JavaScript, it performs abnormal operations on the list box field, and this operation is repeated after the form is reset. During this process, the application failed to adequately verify the validity of the form objects and their internal dictionary pointers, resulting in accessing internal members of invalid or improperly initialized fields. This led to an illegal pointer read, ultimately causing the application to crash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Affected: Versions 13.2.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.3 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    KPC of Cisco Talos
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57256",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T12:38:44.758991Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T12:38:50.575Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MacOS"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.3 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "KPC of Cisco Talos"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "When the application opens a PDF and executes JavaScript, it performs abnormal operations on the list box field, and this operation is repeated after the form is reset. During this process, the application failed to adequately verify the validity of the form objects and their internal dictionary pointers, resulting in accessing internal members of invalid or improperly initialized fields. This led to an illegal pointer read, ultimately causing the application to crash."
                }
              ],
              "value": "When the application opens a PDF and executes JavaScript, it performs abnormal operations on the list box field, and this operation is repeated after the form is reset. During this process, the application failed to adequately verify the validity of the form objects and their internal dictionary pointers, resulting in accessing internal members of invalid or improperly initialized fields. This led to an illegal pointer read, ultimately causing the application to crash."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:35:59.810Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Foxit Editor/Reader List Box Format Use-After-Free Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-57256",
        "datePublished": "2026-07-08T07:35:59.810Z",
        "dateReserved": "2026-06-24T03:01:18.718Z",
        "dateUpdated": "2026-07-08T12:38:50.575Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57255 (GCVE-0-2026-57255)

    Vulnerability from nvd – Published: 2026-07-08 07:36 – Updated: 2026-07-08 12:46
    VLAI
    Title
    Security vulnerability in Foxit PDF Editor/Reader — OOB Read via NaN-Bypass Clamp
    Summary
    The application opens a PDF containing an abnormal color space whose attributes reference a valid but semantically malformed function. The function's output is not validated; when subsequently read, it produces an illegal pointer that accesses an out-of-bounds region, crashing the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Affected: Versions 13.2.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    Liang Zhu
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57255",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T12:46:35.839397Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T12:46:48.415Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Liang Zhu"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The application opens a PDF containing an abnormal color space whose attributes reference a valid but semantically malformed function. The function\u0027s output is not validated; when subsequently read, it produces an illegal pointer that accesses an out-of-bounds region, crashing the application."
                }
              ],
              "value": "The application opens a PDF containing an abnormal color space whose attributes reference a valid but semantically malformed function. The function\u0027s output is not validated; when subsequently read, it produces an illegal pointer that accesses an out-of-bounds region, crashing the application."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information Disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:36:09.396Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Security vulnerability in Foxit PDF Editor/Reader \u2014 OOB Read via NaN-Bypass Clamp",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-57255",
        "datePublished": "2026-07-08T07:36:09.396Z",
        "dateReserved": "2026-06-24T03:01:18.718Z",
        "dateUpdated": "2026-07-08T12:46:48.415Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57254 (GCVE-0-2026-57254)

    Vulnerability from nvd – Published: 2026-07-08 07:36 – Updated: 2026-07-08 12:46
    VLAI
    Title
    Foxit PDF Editor/Reader Annotation Type Confusion Vulnerability
    Summary
    There is an abnormal annotation within the PDF that is referenced by other objects. When the application parses the PDF, it fails to perform proper type checking, ultimately causing the application to crash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843)
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Affected: Versions 13.2.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    XuPeng
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57254",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T12:45:55.295384Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T12:46:02.325Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "XuPeng"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There is an abnormal annotation within the PDF that is referenced by other objects. When the application parses the PDF, it fails to perform proper type checking, ultimately causing the application to crash."
                }
              ],
              "value": "There is an abnormal annotation within the PDF that is referenced by other objects. When the application parses the PDF, it fails to perform proper type checking, ultimately causing the application to crash."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-843",
                  "description": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027) (CWE-843)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:36:10.974Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Foxit PDF Editor/Reader Annotation Type Confusion Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-57254",
        "datePublished": "2026-07-08T07:36:10.974Z",
        "dateReserved": "2026-06-24T03:01:18.718Z",
        "dateUpdated": "2026-07-08T12:46:02.325Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57253 (GCVE-0-2026-57253)

    Vulnerability from nvd – Published: 2026-07-08 07:36 – Updated: 2026-07-08 12:43
    VLAI
    Title
    Foxit PDF Editor/Reader PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
    Summary
    An abnormal image object causes the renderer to enter the wrong processing branch. When converting the scan lines, an invalid image buffer pointer is used, resulting in the application crashing.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Affected: Versions 13.2.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    Anonymous working with TrendAI Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57253",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T12:42:55.808823Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T12:43:06.097Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anonymous working with TrendAI Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An abnormal image object causes the renderer to enter the wrong processing branch. When converting the scan lines, an invalid image buffer pointer is used, resulting in the application crashing."
                }
              ],
              "value": "An abnormal image object causes the renderer to enter the wrong processing branch. When converting the scan lines, an invalid image buffer pointer is used, resulting in the application crashing."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information Disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:36:14.101Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Foxit PDF Editor/Reader PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-57253",
        "datePublished": "2026-07-08T07:36:14.101Z",
        "dateReserved": "2026-06-24T03:01:18.718Z",
        "dateUpdated": "2026-07-08T12:43:06.097Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57252 (GCVE-0-2026-57252)

    Vulnerability from nvd – Published: 2026-07-08 07:36 – Updated: 2026-07-08 12:43
    VLAI
    Title
    Foxit PDF Editor/Reader AcroForm Use-After-Free Remote Code Execution Vulnerability
    Summary
    When the application opens a PDF file, during the process of JavaScript deleting pages and removing attachment annotations, it will cause the attachment panel to continue accessing invalid pointers, eventually leading to the application crashing.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Affected: Versions 13.2.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    Anonymous working with TrendAI Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57252",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T12:43:48.257346Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T12:43:57.683Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anonymous working with TrendAI Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "When the application opens a PDF file, during the process of JavaScript deleting pages and removing attachment annotations, it will cause the attachment panel to continue accessing invalid pointers, eventually leading to the application crashing."
                }
              ],
              "value": "When the application opens a PDF file, during the process of JavaScript deleting pages and removing attachment annotations, it will cause the attachment panel to continue accessing invalid pointers, eventually leading to the application crashing."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:36:12.539Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Foxit PDF Editor/Reader AcroForm Use-After-Free Remote Code Execution Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-57252",
        "datePublished": "2026-07-08T07:36:12.539Z",
        "dateReserved": "2026-06-24T03:01:18.717Z",
        "dateUpdated": "2026-07-08T12:43:57.683Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57251 (GCVE-0-2026-57251)

    Vulnerability from nvd – Published: 2026-07-08 07:36 – Updated: 2026-07-08 12:41
    VLAI
    Title
    Foxit PDF Editor/Reader Cloud Appearance Buffer Overflow Vulnerability
    Summary
    The application opens a PDF, but the cloud-like appearance of the construction process lacks proper setting of an upper limit and consistency checks. Out-of-bounds access to the underlying array is exposed, ultimately leading to a crash of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper validation of array index
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Affected: Versions 13.2.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    XuPeng
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57251",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T12:40:43.424088Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T12:41:07.653Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "XuPeng"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The application opens a PDF, but the cloud-like appearance of the construction process lacks proper setting of an upper limit and consistency checks. Out-of-bounds access to the underlying array is exposed, ultimately leading to a crash of the application."
                }
              ],
              "value": "The application opens a PDF, but the cloud-like appearance of the construction process lacks proper setting of an upper limit and consistency checks. Out-of-bounds access to the underlying array is exposed, ultimately leading to a crash of the application."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129 Improper validation of array index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:36:15.661Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Foxit PDF Editor/Reader Cloud Appearance Buffer Overflow Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-57251",
        "datePublished": "2026-07-08T07:36:15.661Z",
        "dateReserved": "2026-06-24T03:01:18.717Z",
        "dateUpdated": "2026-07-08T12:41:07.653Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57250 (GCVE-0-2026-57250)

    Vulnerability from nvd – Published: 2026-07-08 07:36 – Updated: 2026-07-08 13:13
    VLAI
    Title
    Foxit PDF Editor/Reader Form Field Use-After-Free Vulnerability
    Summary
    When the application opens a PDF and JavaScript resets the form fields, the script re-enters the interface. The underlying native object is damaged, but the application does not perform validation. The function call on the damaged object leads to the application crashing.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Affected: Versions 13.2.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.3 and earlier
    Affected: Versions 13.2.3 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    XuPeng
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57250",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T13:13:48.237727Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T13:13:58.987Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MacOS"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.3 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.3 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "XuPeng"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "When the application opens a PDF and JavaScript resets the form fields, the script re-enters the interface. The underlying native object is damaged, but the application does not perform validation. The function call on the damaged object leads to the application crashing."
                }
              ],
              "value": "When the application opens a PDF and JavaScript resets the form fields, the script re-enters the interface. The underlying native object is damaged, but the application does not perform validation. The function call on the damaged object leads to the application crashing."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:36:01.416Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Foxit PDF Editor/Reader Form Field Use-After-Free Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-57250",
        "datePublished": "2026-07-08T07:36:01.416Z",
        "dateReserved": "2026-06-24T03:01:18.717Z",
        "dateUpdated": "2026-07-08T13:13:58.987Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57249 (GCVE-0-2026-57249)

    Vulnerability from nvd – Published: 2026-07-08 07:36 – Updated: 2026-07-08 12:40
    VLAI
    Title
    Foxit PDF Editor/Reader Annotation Use-After-Free Vulnerability
    Summary
    After the application opened the PDF file, the script first reset the annotation status, then triggered the reset form event by additional action. During the re-entry process, the application access invalid objects and crashed.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Affected: Versions 13.2.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    XuPeng
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57249",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T12:40:18.806545Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T12:40:28.820Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "XuPeng"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "After the application opened the PDF file, the script first reset the annotation status, then triggered the reset form event by additional action. During the re-entry process, the application access invalid objects and crashed."
                }
              ],
              "value": "After the application opened the PDF file, the script first reset the annotation status, then triggered the reset form event by additional action. During the re-entry process, the application access invalid objects and crashed."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:36:17.227Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Foxit PDF Editor/Reader Annotation Use-After-Free Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-57249",
        "datePublished": "2026-07-08T07:36:17.227Z",
        "dateReserved": "2026-06-24T03:01:18.717Z",
        "dateUpdated": "2026-07-08T12:40:28.820Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57248 (GCVE-0-2026-57248)

    Vulnerability from nvd – Published: 2026-07-08 07:36 – Updated: 2026-07-08 12:38
    VLAI
    Title
    Foxit PDF Editor/Reader Annotation Improper Release Vulnerability
    Summary
    When the application opens a PDF file and JavaScript writes annotation attributes, there is a lack of sufficient object type and argument checks. As a result, due to the damage to the internal structure of the annotations, it causes the application to crash during subsequent release.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-763 - Release of invalid pointer or reference
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Affected: Versions 13.2.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    XuPeng
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57248",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T12:38:08.327134Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T12:38:26.513Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "XuPeng"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "When the application opens a PDF file and JavaScript writes annotation attributes, there is a lack of sufficient object type and argument checks. As a result, due to the damage to the internal structure of the annotations, it causes the application to crash during subsequent release."
                }
              ],
              "value": "When the application opens a PDF file and JavaScript writes annotation attributes, there is a lack of sufficient object type and argument checks. As a result, due to the damage to the internal structure of the annotations, it causes the application to crash during subsequent release."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-763",
                  "description": "CWE-763 Release of invalid pointer or reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:36:18.835Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Foxit PDF Editor/Reader Annotation Improper Release Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-57248",
        "datePublished": "2026-07-08T07:36:18.835Z",
        "dateReserved": "2026-06-24T03:01:18.717Z",
        "dateUpdated": "2026-07-08T12:38:26.513Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57247 (GCVE-0-2026-57247)

    Vulnerability from nvd – Published: 2026-07-08 07:36 – Updated: 2026-07-08 13:14
    VLAI
    Title
    Foxit PDF Editor/Reader Field Use-After-Free Vulnerability
    Summary
    The application re-enters the document structure via field processing and deletes the current page, and then continues using the field objects obtained before deletion, triggering an illegal read and crashing.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Affected: Versions 13.2.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.3 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    XuPeng
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57247",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T13:14:19.061141Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T13:14:30.233Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MacOS"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.3 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "XuPeng"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The application re-enters the document structure via field processing and deletes the current page, and then continues using the field objects obtained before deletion, triggering an illegal read and crashing."
                }
              ],
              "value": "The application re-enters the document structure via field processing and deletes the current page, and then continues using the field objects obtained before deletion, triggering an illegal read and crashing."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:36:03.024Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Foxit PDF Editor/Reader Field Use-After-Free Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-57247",
        "datePublished": "2026-07-08T07:36:03.024Z",
        "dateReserved": "2026-06-24T03:01:18.717Z",
        "dateUpdated": "2026-07-08T13:14:30.233Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57246 (GCVE-0-2026-57246)

    Vulnerability from nvd – Published: 2026-07-08 07:36 – Updated: 2026-07-08 12:37
    VLAI
    Title
    Foxit PDF Editor/Reader Signature Buffer Overflow Vulnerability
    Summary
    When dealing with abnormally constructed objects, there is a lack of argument validation; JavaScript triggers signature verification, but the signature plugin does not perform validation when copying the abnormal string, causing the application to crash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input (CWE-120)
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Affected: Versions 13.2.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    XuPeng
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57246",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T12:27:49.970979Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T12:37:10.445Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "XuPeng"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "When dealing with abnormally constructed objects, there is a lack of argument validation; JavaScript triggers signature verification, but the signature plugin does not perform validation when copying the abnormal string, causing the application to crash."
                }
              ],
              "value": "When dealing with abnormally constructed objects, there is a lack of argument validation; JavaScript triggers signature verification, but the signature plugin does not perform validation when copying the abnormal string, causing the application to crash."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Copy without Checking Size of Input (CWE-120)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:49:13.747Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Foxit PDF Editor/Reader Signature Buffer Overflow Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-57246",
        "datePublished": "2026-07-08T07:36:20.437Z",
        "dateReserved": "2026-06-24T03:01:15.649Z",
        "dateUpdated": "2026-07-08T12:37:10.445Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57245 (GCVE-0-2026-57245)

    Vulnerability from nvd – Published: 2026-07-08 07:36 – Updated: 2026-07-08 13:44
    VLAI
    Title
    Foxit PDF Editor/Reader Signature Hyperlink Use-After-Free Vulnerability
    Summary
    When the application opens a PDF, traverses and builds the annotation elements related to hyperlinks, it fails to validate the abnormal annotation relationships and field combinations. This results in the internal objects entering an invalid state. Eventually, during the destruction phase, an invalid pointer write occurred, causing the application to crash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Affected: Versions 13.2.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    XuPeng
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57245",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T13:35:05.013350Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T13:44:42.121Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "XuPeng"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "When the application opens a PDF, traverses and builds the annotation elements related to hyperlinks, it fails to validate the abnormal annotation relationships and field combinations. This results in the internal objects entering an invalid state. Eventually, during the destruction phase, an invalid pointer write occurred, causing the application to crash."
                }
              ],
              "value": "When the application opens a PDF, traverses and builds the annotation elements related to hyperlinks, it fails to validate the abnormal annotation relationships and field combinations. This results in the internal objects entering an invalid state. Eventually, during the destruction phase, an invalid pointer write occurred, causing the application to crash."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:36:22.015Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Foxit PDF Editor/Reader Signature Hyperlink Use-After-Free Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-57245",
        "datePublished": "2026-07-08T07:36:22.015Z",
        "dateReserved": "2026-06-24T03:01:15.649Z",
        "dateUpdated": "2026-07-08T13:44:42.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57244 (GCVE-0-2026-57244)

    Vulnerability from nvd – Published: 2026-07-08 07:36 – Updated: 2026-07-08 13:14
    VLAI
    Title
    Foxit PDF Editor/Reader Form Control Use-After-Free Vulnerability
    Summary
    After JavaScript resetting the form, the synchronization process lacks re-entry protection and object lifecycle verification, resulting in the failure of the control pointer during the traversal process. After the pointer fails, it still continues to dereference, causing the application to crash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Affected: Versions 13.2.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.3 and earlier
    Affected: Versions 13.2.3 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    XuPeng
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57244",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T13:14:43.136775Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T13:14:51.433Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MacOS"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.3 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.3 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "XuPeng"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "After JavaScript resetting the form, the synchronization process lacks re-entry protection and object lifecycle verification, resulting in the failure of the control pointer during the traversal process. After the pointer fails, it still continues to dereference, causing the application to crash."
                }
              ],
              "value": "After JavaScript resetting the form, the synchronization process lacks re-entry protection and object lifecycle verification, resulting in the failure of the control pointer during the traversal process. After the pointer fails, it still continues to dereference, causing the application to crash."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:36:04.601Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Foxit PDF Editor/Reader Form Control Use-After-Free Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-57244",
        "datePublished": "2026-07-08T07:36:04.601Z",
        "dateReserved": "2026-06-24T03:01:15.649Z",
        "dateUpdated": "2026-07-08T13:14:51.433Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57243 (GCVE-0-2026-57243)

    Vulnerability from nvd – Published: 2026-07-08 07:36 – Updated: 2026-07-08 13:16
    VLAI
    Title
    Foxit PDF Editor/Reader Page Out-of-bounds Read Vulnerability
    Summary
    During the process of page opening and form formatting, a JavaScript reentrancy results in an inconsistent document status. Subsequently, with outdated page information, the application attempts to access invalid addresses, causing the application to crash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Affected: Versions 13.2.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    XuPeng
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57243",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T13:16:00.513613Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T13:16:09.439Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "XuPeng"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "During the process of page opening and form formatting, a JavaScript reentrancy results in an inconsistent document status. Subsequently, with outdated page information, the application attempts to access invalid addresses, causing the application to crash."
                }
              ],
              "value": "During the process of page opening and form formatting, a JavaScript reentrancy results in an inconsistent document status. Subsequently, with outdated page information, the application attempts to access invalid addresses, causing the application to crash."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information Disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:36:23.592Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Foxit PDF Editor/Reader Page Out-of-bounds Read Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-57243",
        "datePublished": "2026-07-08T07:36:23.592Z",
        "dateReserved": "2026-06-24T03:01:15.648Z",
        "dateUpdated": "2026-07-08T13:16:09.439Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57242 (GCVE-0-2026-57242)

    Vulnerability from nvd – Published: 2026-07-08 07:36 – Updated: 2026-07-08 13:16
    VLAI
    Title
    Foxit PDF Editor/Reader Page Use-After-Free Vulnerability
    Summary
    The application opens the PDF, and JavaScript modifies the form. However, the related objects on the page lack complete lifecycle management and null value validation; when the page state changes, the application continuously dereferences invalid objects, eventually leading to a crash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Affected: Versions 13.2.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    XuPeng
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57242",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T13:16:23.410682Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T13:16:35.128Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "XuPeng"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The application opens the PDF, and JavaScript modifies the form. However, the related objects on the page lack complete lifecycle management and null value validation; when the page state changes, the application continuously dereferences invalid objects, eventually leading to a crash."
                }
              ],
              "value": "The application opens the PDF, and JavaScript modifies the form. However, the related objects on the page lack complete lifecycle management and null value validation; when the page state changes, the application continuously dereferences invalid objects, eventually leading to a crash."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:36:25.247Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Foxit PDF Editor/Reader Page Use-After-Free Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-57242",
        "datePublished": "2026-07-08T07:36:25.247Z",
        "dateReserved": "2026-06-24T03:01:15.648Z",
        "dateUpdated": "2026-07-08T13:16:35.128Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57241 (GCVE-0-2026-57241)

    Vulnerability from nvd – Published: 2026-07-08 07:36 – Updated: 2026-07-08 13:17
    VLAI
    Title
    Foxit PDF Editor/Reader Page Out-of-bounds Read Vulnerability
    Summary
    The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Affected: Versions 13.2.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    XuPeng
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57241",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T13:17:20.375640Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T13:17:27.611Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "XuPeng"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds access."
                }
              ],
              "value": "The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds access."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information Disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:36:26.902Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Foxit PDF Editor/Reader Page Out-of-bounds Read Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-57241",
        "datePublished": "2026-07-08T07:36:26.902Z",
        "dateReserved": "2026-06-24T03:01:15.648Z",
        "dateUpdated": "2026-07-08T13:17:27.611Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57240 (GCVE-0-2026-57240)

    Vulnerability from nvd – Published: 2026-07-08 07:36 – Updated: 2026-07-08 12:20
    VLAI
    Title
    Foxit PDF Editor/Reader Form Field Use-After-Free Remote Code Execution Vulnerability
    Summary
    When the application opens a PDF file and JavaScript deletes the PDF fields, the subsequent logic still uses the old field pointers, resulting in invalid pointer references and causing the application to crash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Affected: Versions 13.2.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    XuPeng
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57240",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T12:17:20.252962Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T12:20:15.388Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "XuPeng"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "When the application opens a PDF file and JavaScript deletes the PDF fields, the subsequent logic still uses the old field pointers, resulting in invalid pointer references and causing the application to crash."
                }
              ],
              "value": "When the application opens a PDF file and JavaScript deletes the PDF fields, the subsequent logic still uses the old field pointers, resulting in invalid pointer references and causing the application to crash."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:36:31.636Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Foxit PDF Editor/Reader Form Field Use-After-Free Remote Code Execution Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-57240",
        "datePublished": "2026-07-08T07:36:31.636Z",
        "dateReserved": "2026-06-24T03:01:15.648Z",
        "dateUpdated": "2026-07-08T12:20:15.388Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57239 (GCVE-0-2026-57239)

    Vulnerability from nvd – Published: 2026-07-08 07:36 – Updated: 2026-07-08 12:17
    VLAI
    Title
    Foxit PDF Editor/Reader Local Privilege Escalation
    Summary
    The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Uncontrolled Search Path Element (CWE‑427)
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Affected: Versions 13.2.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    Luke Paris (@Paradoxis)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57239",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T12:14:54.272246Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T12:17:07.949Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Luke Paris (@Paradoxis)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\\SYSTEM."
                }
              ],
              "value": "The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\\SYSTEM."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Local Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Uncontrolled Search Path Element (CWE\u2011427)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:36:33.186Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Foxit PDF Editor/Reader Local Privilege Escalation",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-57239",
        "datePublished": "2026-07-08T07:36:33.186Z",
        "dateReserved": "2026-06-24T03:01:15.648Z",
        "dateUpdated": "2026-07-08T12:17:07.949Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57238 (GCVE-0-2026-57238)

    Vulnerability from nvd – Published: 2026-07-08 07:36 – Updated: 2026-07-08 13:18
    VLAI
    Title
    Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability
    Summary
    After the application opened the PDF, JavaScript deleted the form field object. Subsequently, it attempted to access the invalid object, which caused the application to crash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Affected: Versions 13.2.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    Anonymous working with TrendAI Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57238",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T13:17:47.137145Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T13:18:08.981Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anonymous working with TrendAI Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "After the application opened the PDF, JavaScript deleted the form field object. Subsequently, it attempted to access the invalid object, which caused the application to crash."
                }
              ],
              "value": "After the application opened the PDF, JavaScript deleted the form field object. Subsequently, it attempted to access the invalid object, which caused the application to crash."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:36:28.457Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-57238",
        "datePublished": "2026-07-08T07:36:28.457Z",
        "dateReserved": "2026-06-24T03:01:15.648Z",
        "dateUpdated": "2026-07-08T13:18:08.981Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57237 (GCVE-0-2026-57237)

    Vulnerability from nvd – Published: 2026-07-08 07:36 – Updated: 2026-07-08 13:15
    VLAI
    Title
    Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability
    Summary
    When the application opens a PDF and JavaScript modifies the properties of form fields, it causes the state of the underlying objects referenced by the program to become invalid. Eventually, it reads an illegal memory address, which leads to the crash of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Affected: Versions 13.2.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.3 and earlier
    Affected: Versions 13.2.3 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    Anonymous working with TrendAI Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57237",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T13:15:11.236648Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T13:15:21.343Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MacOS"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.3 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.3 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anonymous working with TrendAI Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "When the application opens a PDF and JavaScript modifies the properties of form fields, it causes the state of the underlying objects referenced by the program to become invalid. Eventually, it reads an illegal memory address, which leads to the crash of the application."
                }
              ],
              "value": "When the application opens a PDF and JavaScript modifies the properties of form fields, it causes the state of the underlying objects referenced by the program to become invalid. Eventually, it reads an illegal memory address, which leads to the crash of the application."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:36:06.219Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-57237",
        "datePublished": "2026-07-08T07:36:06.219Z",
        "dateReserved": "2026-06-24T03:01:15.648Z",
        "dateUpdated": "2026-07-08T13:15:21.343Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13129 (GCVE-0-2026-13129)

    Vulnerability from nvd – Published: 2026-07-08 07:36 – Updated: 2026-07-08 13:20
    VLAI
    Title
    Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability
    Summary
    When the application opens a PDF file, JavaScript uses the damaged field tree to trigger field traversal, resulting in the program holding an invalid form object when accessing the field property path. Eventually, the application crashes due to reading an invalid pointer.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Affected: Versions 13.2.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    Anonymous working with TrendAI Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13129",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T13:20:17.240504Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T13:20:30.258Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anonymous working with TrendAI Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "When the application opens a PDF file, JavaScript uses the damaged field tree to trigger field traversal, resulting in the program holding an invalid form object when accessing the field property path. Eventually, the application crashes due to reading an invalid pointer."
                }
              ],
              "value": "When the application opens a PDF file, JavaScript uses the damaged field tree to trigger field traversal, resulting in the program holding an invalid form object when accessing the field property path. Eventually, the application crashes due to reading an invalid pointer."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:36:30.034Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-13129",
        "datePublished": "2026-07-08T07:36:30.034Z",
        "dateReserved": "2026-06-24T03:01:54.524Z",
        "dateUpdated": "2026-07-08T13:20:30.258Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13128 (GCVE-0-2026-13128)

    Vulnerability from nvd – Published: 2026-07-08 07:36 – Updated: 2026-07-08 12:14
    VLAI
    Title
    Foxit PDF Editor/Reader Doc Object Use-After-Free Remote Code Execution Vulnerability
    Summary
    Embedding JavaScript within a PDF file will cause the page to be deleted. Subsequent scripts will continue to access the relevant properties of the document view, eventually leading to the crash of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    Anonymous working with TrendAI Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13128",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T12:14:16.115665Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T12:14:25.870Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anonymous working with TrendAI Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Embedding JavaScript within a PDF file will cause the page to be deleted. Subsequent scripts will continue to access the relevant properties of the document view, eventually leading to the crash of the application."
                }
              ],
              "value": "Embedding JavaScript within a PDF file will cause the page to be deleted. Subsequent scripts will continue to access the relevant properties of the document view, eventually leading to the crash of the application."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:36:34.775Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Foxit PDF Editor/Reader Doc Object Use-After-Free Remote Code Execution Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-13128",
        "datePublished": "2026-07-08T07:36:34.775Z",
        "dateReserved": "2026-06-24T03:01:51.769Z",
        "dateUpdated": "2026-07-08T12:14:25.870Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13127 (GCVE-0-2026-13127)

    Vulnerability from nvd – Published: 2026-07-08 07:36 – Updated: 2026-07-08 12:13
    VLAI
    Title
    Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability
    Summary
    The application opens the PDF file. JavaScript then rewrites the document to modify the page structure, resulting in the invalidation of the page objects. However, the thumbnails still use the invalid page objects, ultimately causing the application to crash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Affected: Versions 13.2.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    Anonymous working with TrendAI Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13127",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T12:13:51.030975Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T12:13:59.482Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anonymous working with TrendAI Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The application opens the PDF file. JavaScript then rewrites the document to modify the page structure, resulting in the invalidation of the page objects. However, the thumbnails still use the invalid page objects, ultimately causing the application to crash."
                }
              ],
              "value": "The application opens the PDF file. JavaScript then rewrites the document to modify the page structure, resulting in the invalidation of the page objects. However, the thumbnails still use the invalid page objects, ultimately causing the application to crash."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:36:36.349Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-13127",
        "datePublished": "2026-07-08T07:36:36.349Z",
        "dateReserved": "2026-06-24T03:01:48.781Z",
        "dateUpdated": "2026-07-08T12:13:59.482Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13126 (GCVE-0-2026-13126)

    Vulnerability from nvd – Published: 2026-07-08 07:36 – Updated: 2026-07-08 12:13
    VLAI
    Title
    Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability
    Summary
    The embedded JavaScript in the PDF deleted the pages, making the object invalid. The application attempted to perform a write operation on the invalid pop-up annotations, resulting in the program crashing.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    Anonymous working with TrendAI Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13126",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T12:12:57.219611Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T12:13:27.791Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anonymous working with TrendAI Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The embedded JavaScript in the PDF deleted the pages, making the object invalid. The application attempted to perform a write operation on the invalid pop-up annotations, resulting in the program crashing."
                }
              ],
              "value": "The embedded JavaScript in the PDF deleted the pages, making the object invalid. The application attempted to perform a write operation on the invalid pop-up annotations, resulting in the program crashing."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:40:47.204Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-13126",
        "datePublished": "2026-07-08T07:36:37.927Z",
        "dateReserved": "2026-06-24T03:01:45.197Z",
        "dateUpdated": "2026-07-08T12:13:27.791Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13126 (GCVE-0-2026-13126)

    Vulnerability from cvelistv5 – Published: 2026-07-08 07:36 – Updated: 2026-07-08 12:13
    VLAI
    Title
    Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability
    Summary
    The embedded JavaScript in the PDF deleted the pages, making the object invalid. The application attempted to perform a write operation on the invalid pop-up annotations, resulting in the program crashing.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    Anonymous working with TrendAI Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13126",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T12:12:57.219611Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T12:13:27.791Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anonymous working with TrendAI Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The embedded JavaScript in the PDF deleted the pages, making the object invalid. The application attempted to perform a write operation on the invalid pop-up annotations, resulting in the program crashing."
                }
              ],
              "value": "The embedded JavaScript in the PDF deleted the pages, making the object invalid. The application attempted to perform a write operation on the invalid pop-up annotations, resulting in the program crashing."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:40:47.204Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-13126",
        "datePublished": "2026-07-08T07:36:37.927Z",
        "dateReserved": "2026-06-24T03:01:45.197Z",
        "dateUpdated": "2026-07-08T12:13:27.791Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13127 (GCVE-0-2026-13127)

    Vulnerability from cvelistv5 – Published: 2026-07-08 07:36 – Updated: 2026-07-08 12:13
    VLAI
    Title
    Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability
    Summary
    The application opens the PDF file. JavaScript then rewrites the document to modify the page structure, resulting in the invalidation of the page objects. However, the thumbnails still use the invalid page objects, ultimately causing the application to crash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1.1 and earlier
    Affected: Versions 14.0.4 and earlier
    Affected: Versions 13.2.4 and earlier
    Create a notification for this product.
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1.1 and earlier
    Create a notification for this product.
    Credits
    Anonymous working with TrendAI Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13127",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T12:13:51.030975Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T12:13:59.482Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.4 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.4 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anonymous working with TrendAI Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The application opens the PDF file. JavaScript then rewrites the document to modify the page structure, resulting in the invalidation of the page objects. However, the thumbnails still use the invalid page objects, ultimately causing the application to crash."
                }
              ],
              "value": "The application opens the PDF file. JavaScript then rewrites the document to modify the page structure, resulting in the invalidation of the page objects. However, the thumbnails still use the invalid page objects, ultimately causing the application to crash."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T07:36:36.349Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "title": "Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-13127",
        "datePublished": "2026-07-08T07:36:36.349Z",
        "dateReserved": "2026-06-24T03:01:48.781Z",
        "dateUpdated": "2026-07-08T12:13:59.482Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }