CVE-2026-57250

HIGH

Foxit PDF Editor/Reader Form Field Use-After-Free Vulnerability

Title source: cna
STIX 2.1

Description

When the application opens a PDF and JavaScript resets the form fields, the script re-enters the interface. The underlying native object is damaged, but the application does not perform validation. The function call on the damaged object leads to the application crashing.

References (1)

Core 1

Scores

CVSS v3 7.8
EPSS 0.0012
EPSS Percentile 1.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-416
Status published
Products (8)
foxit/pdf_editor < 13.2.4.24048
foxit/pdf_reader < 2026.1.1.36485
Foxit Software Inc./Foxit PDF Editor Versions 13.2.3 and earlier
Foxit Software Inc./Foxit PDF Editor Versions 13.2.4 and earlier
Foxit Software Inc./Foxit PDF Editor Versions 14.0.3 and earlier
Foxit Software Inc./Foxit PDF Editor Versions 14.0.4 and earlier
Foxit Software Inc./Foxit PDF Editor Versions 2026.1.1 and earlier
Foxit Software Inc./Foxit PDF Reader Versions 2026.1.1 and earlier
Published Jul 08, 2026
Tracked Since Jul 08, 2026