CVE-2026-57238

Foxit · Foxit PDF Editor / PDF Reader

A use-after-free vulnerability in Foxit PDF Editor and Reader permits arbitrary code execution when JavaScript performs invalid operations on deleted form field objects.

Executive summary

A critical use-after-free vulnerability in Foxit software enables potential system exploitation via malicious PDF files that manipulate form field object lifecycles.

Vulnerability

This is a Use-After-Free (CWE-416) vulnerability triggered when JavaScript deletes a form field object while the application continues to reference it. This memory management error can be leveraged by attackers to execute malicious code on the host machine.

Business impact

The CVSS score of 7.8 highlights the high risk associated with this vulnerability. Exploitation can lead to the unauthorized execution of code, which may result in data exfiltration, system instability, or the deployment of ransomware within the enterprise environment.

Remediation

Immediate Action: Upgrade to the most recent version of the software provided by the vendor to address the memory management flaw.

Proactive Monitoring: Implement robust logging on endpoints to identify unexpected application behavior or memory access violations.

Compensating Controls: Apply organizational policies that restrict the execution of JavaScript in PDF viewers, reducing the attack surface for document-based exploits.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Organizations should prioritize the deployment of vendor-supplied patches to eliminate this use-after-free vulnerability. Given the ease with which such flaws can be weaponized in phishing campaigns, immediate patching is recommended to secure the environment against potential exploitation.