Out-of-bounds write in Foxit PDF Editor (formerly Foxit PhantomPDF) and Foxit PDF Reader for Windows - CVE-2026-57260
Published: July 8, 2026
Foxit PDF Editor (formerly Foxit PhantomPDF)
Foxit PDF Reader for Windows
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to out-of-bounds write in Foxit PDF Reader and Foxit PDF Editor when opening certain PDFs containing an abnormal Unity 3D object. A remote attacker can trick the victim into opening a crafted PDF file to execute arbitrary code.
3D content trust must be enabled.