CVE-2026-57237
Foxit · Foxit PDF Editor / PDF Reader
A use-after-free vulnerability in Foxit PDF Editor and Reader allows attackers to execute arbitrary code by manipulating form field properties via JavaScript.
Executive summary
A high-severity use-after-free flaw in Foxit PDF Editor and Reader poses a significant risk of arbitrary code execution through specially crafted PDF documents.
Vulnerability
This vulnerability (CWE-416) occurs when JavaScript modifies form field properties, causing the application to reference invalid memory states. This creates a use-after-free condition that can be exploited by an attacker when a victim opens a malicious PDF.
Business impact
With a CVSS score of 7.8, this vulnerability represents a significant threat to organizational security. Successful exploitation could lead to full system compromise, enabling attackers to bypass security controls and access sensitive information stored on the affected endpoint.
Remediation
Immediate Action: Apply the latest vendor security patches immediately to all affected systems.
Proactive Monitoring: Review application logs for unusual crashes or errors during PDF processing, as these can serve as indicators of an attempted exploit.
Compensating Controls: Utilize endpoint detection and response (EDR) tools to monitor for unauthorized child processes initiated by the PDF reader application.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Prompt remediation is necessary to mitigate the risk of remote code execution. Security teams should verify that all instances of Foxit PDF Editor and Reader are updated to versions released after the patch cycle to ensure the use-after-free condition is fully resolved.