CVE-2026-57240

Foxit · Foxit PDF Editor

A use-after-free vulnerability in Foxit PDF Editor/Reader occurs when JavaScript deletes PDF fields, leading to invalid pointer references and potential application crashes or arbitrary code execution.

Executive summary

A critical use-after-free vulnerability in Foxit PDF Editor and Reader allows attackers to trigger invalid pointer references through malicious JavaScript, risking arbitrary code execution.

Vulnerability

This is a Use-After-Free (CWE-416) vulnerability triggered when the application processes a PDF containing JavaScript that deletes form fields. The application fails to update pointers correctly, allowing an attacker to manipulate memory, which typically requires user interaction to open the malicious file.

Business impact

The CVSS score of 7.8 (High) reflects the significant risk posed by this vulnerability. Successful exploitation could lead to total system compromise, unauthorized data access, or denial-of-service, directly impacting the integrity and availability of workstations handling sensitive PDF documentation.

Remediation

Immediate Action: Update Foxit PDF Editor and Reader to the latest available versions provided by the vendor as soon as they are released.

Proactive Monitoring: Monitor endpoint logs for abnormal application crashes or unexpected child processes originating from the PDF reader environment.

Compensating Controls: Implement organizational policies to restrict the execution of JavaScript within PDF viewers and utilize endpoint security solutions to block suspicious file execution.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high CVSS score and the potential for arbitrary code execution, this vulnerability poses a substantial risk to organizational assets. Administrators should prioritize deploying vendor-supplied patches as soon as they become available to mitigate the risk of memory corruption-based attacks.