CVE-2026-57240

HIGH

Foxit PDF Editor/Reader Form Field Use-After-Free Remote Code Execution Vulnerability

Title source: cna
STIX 2.1

Description

When the application opens a PDF file and JavaScript deletes the PDF fields, the subsequent logic still uses the old field pointers, resulting in invalid pointer references and causing the application to crash.

References (1)

Core 1

Scores

CVSS v3 7.8
EPSS 0.0013
EPSS Percentile 2.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-416
Status published
Products (6)
foxit/pdf_editor < 13.2.4.24048
foxit/pdf_reader < 2026.1.1.36485
Foxit Software Inc./Foxit PDF Editor Versions 13.2.4 and earlier
Foxit Software Inc./Foxit PDF Editor Versions 14.0.4 and earlier
Foxit Software Inc./Foxit PDF Editor Versions 2026.1.1 and earlier
Foxit Software Inc./Foxit PDF Reader Versions 2026.1.1 and earlier
Published Jul 08, 2026
Tracked Since Jul 08, 2026