CVE-2026-57240
HIGHFoxit PDF Editor/Reader Form Field Use-After-Free Remote Code Execution Vulnerability
Title source: cnaDescription
When the application opens a PDF file and JavaScript deletes the PDF fields, the subsequent logic still uses the old field pointers, resulting in invalid pointer references and causing the application to crash.
References (1)
Core 1
Core References
Scores
CVSS v3
7.8
EPSS
0.0013
EPSS Percentile
2.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-416
Status
published
Products (6)
foxit/pdf_editor
< 13.2.4.24048
foxit/pdf_reader
< 2026.1.1.36485
Foxit Software Inc./Foxit PDF Editor
Versions 13.2.4 and earlier
Foxit Software Inc./Foxit PDF Editor
Versions 14.0.4 and earlier
Foxit Software Inc./Foxit PDF Editor
Versions 2026.1.1 and earlier
Foxit Software Inc./Foxit PDF Reader
Versions 2026.1.1 and earlier
Published
Jul 08, 2026
Tracked Since
Jul 08, 2026