SB2026070823 - Multiple vulnerabilities in Foxit PDF Reader and PDF Editor for Windows



SB2026070823 - Multiple vulnerabilities in Foxit PDF Reader and PDF Editor for Windows

Published: July 8, 2026

Security Bulletin ID SB2026070823
CSH Severity
High
Patch available
YES
Number of vulnerabilities 28
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

High 71% Medium 7% Low 21%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 28 vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2026-57256)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Foxit PDF Reader and Foxit PDF Editor when handling PDFs embedded with certain JavaScript. A remote attacker can trick the victim into opening a crafted PDF file to execute arbitrary code.

User interaction is required to open a crafted PDF file.


2) Use-after-free (CVE-ID: CVE-2026-13127)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Foxit PDF Reader and Foxit PDF Editor when handling PDFs embedded with certain JavaScript. A remote attacker can trick the victim into opening a crafted PDF file to execute arbitrary code.

User interaction is required to open a crafted PDF file.


3) Use-after-free (CVE-ID: CVE-2026-13128)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Foxit PDF Reader and Foxit PDF Editor when handling PDFs embedded with certain JavaScript. A remote attacker can trick the victim into opening a crafted PDF file to execute arbitrary code.

User interaction is required to open a crafted PDF file.


4) Use-after-free (CVE-ID: CVE-2026-13129)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Foxit PDF Reader and Foxit PDF Editor when handling PDFs embedded with certain JavaScript. A remote attacker can trick the victim into opening a crafted PDF file to execute arbitrary code.

User interaction is required to open a crafted PDF file.


5) Use-after-free (CVE-ID: CVE-2026-57237)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Foxit PDF Reader and Foxit PDF Editor when handling PDFs embedded with certain JavaScript. A remote attacker can trick the victim into opening a crafted PDF file to execute arbitrary code.

User interaction is required to open a crafted PDF file.


6) Use-after-free (CVE-ID: CVE-2026-57238)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Foxit PDF Reader and Foxit PDF Editor when handling PDFs embedded with certain JavaScript. A remote attacker can trick the victim into opening a crafted PDF file to execute arbitrary code.

User interaction is required to open a crafted PDF file.


7) Use-after-free (CVE-ID: CVE-2026-57240)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Foxit PDF Reader and Foxit PDF Editor when handling PDFs embedded with certain JavaScript. A remote attacker can trick the victim into opening a crafted PDF file to execute arbitrary code.

User interaction is required to open a crafted PDF file.


8) Use-after-free (CVE-ID: CVE-2026-57242)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Foxit PDF Reader and Foxit PDF Editor when handling PDFs embedded with certain JavaScript. A remote attacker can trick the victim into opening a crafted PDF file to execute arbitrary code.

User interaction is required to open a crafted PDF file.


9) Use-after-free (CVE-ID: CVE-2026-57244)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Foxit PDF Reader and Foxit PDF Editor when handling PDFs embedded with certain JavaScript. A remote attacker can trick the victim into opening a crafted PDF file to execute arbitrary code.

User interaction is required to open a crafted PDF file.


10) Use-after-free (CVE-ID: CVE-2026-57245)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Foxit PDF Reader and Foxit PDF Editor when handling PDFs embedded with certain JavaScript. A remote attacker can trick the victim into opening a crafted PDF file to execute arbitrary code.

User interaction is required to open a crafted PDF file.


11) Use-after-free (CVE-ID: CVE-2026-57247)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Foxit PDF Reader and Foxit PDF Editor when handling PDFs embedded with certain JavaScript. A remote attacker can trick the victim into opening a crafted PDF file to execute arbitrary code.

User interaction is required to open a crafted PDF file.


12) Use-after-free (CVE-ID: CVE-2026-57249)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Foxit PDF Reader and Foxit PDF Editor when handling PDFs embedded with certain JavaScript. A remote attacker can trick the victim into opening a crafted PDF file to execute arbitrary code.

User interaction is required to open a crafted PDF file.


13) Use-after-free (CVE-ID: CVE-2026-57250)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Foxit PDF Reader and Foxit PDF Editor when handling PDFs embedded with certain JavaScript. A remote attacker can trick the victim into opening a crafted PDF file to execute arbitrary code.

User interaction is required to open a crafted PDF file.


14) Use-after-free (CVE-ID: CVE-2026-57252)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Foxit PDF Reader and Foxit PDF Editor when handling PDFs embedded with certain JavaScript. A remote attacker can trick the victim into opening a crafted PDF file to execute arbitrary code.

User interaction is required to open a crafted PDF file.


15) Out-of-bounds read (CVE-ID: CVE-2026-57241)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to out-of-bounds read in Foxit PDF Reader and Foxit PDF Editor when parsing certain PDFs containing abnormal page trees, image objects, or color spaces. A remote attacker can trick the victim into opening a crafted PDF file to disclose sensitive information.

User interaction is required to open a crafted PDF file.


16) Use-after-free (CVE-ID: CVE-2026-13126)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Foxit PDF Reader and Foxit PDF Editor when handling PDFs embedded with certain JavaScript. A remote attacker can trick the victim into opening a crafted PDF file to execute arbitrary code.

User interaction is required to open a crafted PDF file.


17) Out-of-bounds read (CVE-ID: CVE-2026-57243)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to out-of-bounds read in Foxit PDF Reader and Foxit PDF Editor when parsing certain PDFs containing abnormal page trees, image objects, or color spaces. A remote attacker can trick the victim into opening a crafted PDF file to disclose sensitive information.

User interaction is required to open a crafted PDF file.


18) Out-of-bounds read (CVE-ID: CVE-2026-57253)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to out-of-bounds read in Foxit PDF Reader and Foxit PDF Editor when parsing certain PDFs containing abnormal page trees, image objects, or color spaces. A remote attacker can trick the victim into opening a crafted PDF file to disclose sensitive information.

User interaction is required to open a crafted PDF file.


19) Out-of-bounds read (CVE-ID: CVE-2026-57255)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to out-of-bounds read in Foxit PDF Reader and Foxit PDF Editor when parsing certain PDFs containing abnormal page trees, image objects, or color spaces. A remote attacker can trick the victim into opening a crafted PDF file to disclose sensitive information.

User interaction is required to open a crafted PDF file.


20) Buffer overflow (CVE-ID: CVE-2026-57246)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to buffer copy without checking size of input in Foxit PDF Reader and Foxit PDF Editor when handling certain PDFs containing abnormal signature fields or annotation objects. A remote attacker can trick the victim into opening a crafted PDF file to execute arbitrary code.

User interaction is required to open a crafted PDF file.


21) Release of invalid pointer or reference (CVE-ID: CVE-2026-57248)

CWE-ID: CWE-763 - Release of invalid pointer or reference

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to release of invalid pointer or reference in Foxit PDF Reader and Foxit PDF Editor when handling certain PDFs embedded with JavaScript to modify annotation attributes. A remote attacker can trick the victim into opening a crafted PDF file to execute arbitrary code.

User interaction is required to open a crafted PDF file.


22) Improper Validation of Array Index (CVE-ID: CVE-2026-57251)

CWE-ID: CWE-129 - Improper Validation of Array Index

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper validation of array index in Foxit PDF Reader and Foxit PDF Editor when handling certain PDFs embedded with JavaScript to modify annotation attributes. A remote attacker can trick the victim into opening a crafted PDF file to execute arbitrary code.

User interaction is required to open a crafted PDF file.


23) Type Confusion (CVE-ID: CVE-2026-57254)

CWE-ID: CWE-843 - Type confusion

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to type confusion in Foxit PDF Reader and Foxit PDF Editor when parsing certain PDFs containing abnormal annotations. A remote attacker can trick the victim into opening a crafted PDF file to execute arbitrary code.

User interaction is required to open a crafted PDF file.


24) Out-of-bounds read (CVE-ID: CVE-2026-57257)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to out-of-bounds read in Foxit PDF Reader and Foxit PDF Editor when opening certain PDFs containing a malformed PRC stream. A remote attacker can trick the victim into opening a crafted PDF file to disclose sensitive information.


25) Out-of-bounds read (CVE-ID: CVE-2026-57258)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to out-of-bounds read in Foxit PDF Reader and Foxit PDF Editor when opening certain PDFs containing an abnormal Unity 3D object. A remote attacker can trick the victim into opening a crafted PDF file to disclose sensitive information.

3D content trust must be enabled.


26) Out-of-bounds write (CVE-ID: CVE-2026-57260)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to out-of-bounds write in Foxit PDF Reader and Foxit PDF Editor when opening certain PDFs containing an abnormal Unity 3D object. A remote attacker can trick the victim into opening a crafted PDF file to execute arbitrary code.

3D content trust must be enabled.


27) XML External Entity injection (CVE-ID: CVE-2026-57259)

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to improper restriction of XML external entity reference in XDP/XML parsing in Foxit PDF Reader and Foxit PDF Editor when parsing crafted XDP documents disguised as PDF files. A remote attacker can trick the victim into opening a crafted file to disclose sensitive information.

User interaction is required to open a crafted file.


28) Insecure DLL loading (CVE-ID: CVE-2026-57239)

CWE-ID: CWE-427 - Uncontrolled Search Path Element

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to escalate privileges.

The vulnerability exists due to uncontrolled search path element in the Foxit update service when checking for updates. A remote attacker can place a malicious DLL file to escalate privileges.

User interaction is required to initiate the update check.


Remediation

Install update from vendor's website.