Improper Validation of Array Index in Foxit PDF Editor (formerly Foxit PhantomPDF) and Foxit PDF Reader for Windows - CVE-2026-57251
Published: July 8, 2026
Foxit PDF Editor (formerly Foxit PhantomPDF)
Foxit PDF Reader for Windows
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper validation of array index in Foxit PDF Reader and Foxit PDF Editor when handling certain PDFs embedded with JavaScript to modify annotation attributes. A remote attacker can trick the victim into opening a crafted PDF file to execute arbitrary code.
User interaction is required to open a crafted PDF file.