CVE-2026-57239
Foxit · Foxit PDF Editor
Foxit PDF Editor and Reader contain an uncontrolled search path vulnerability that allows low-privileged users to achieve system-level code execution.
Executive summary
A privilege escalation vulnerability in Foxit PDF Editor and Reader allows local attackers to achieve NT AUTHORITY\SYSTEM access by exploiting uncontrolled search path elements.
Vulnerability
This is an uncontrolled search path element vulnerability (CWE-427) where user-controlled executable files are executed by high-privilege system processes. By placing a malicious file in a specific location, a low-privileged user can force the application to execute the malicious payload with system-level privileges.
Business impact
The ability to escalate privileges to NT AUTHORITY\SYSTEM is a critical security event, as it grants the attacker complete control over the local machine. With a CVSS score of 8.2, this vulnerability allows for total compromise of the affected host, including the theft of credentials, data exfiltration, and the installation of persistent malware.
Remediation
Immediate Action: Consult the official Foxit security bulletin to identify the specific patched versions and apply the updates immediately.
Proactive Monitoring: Monitor endpoints for the creation of unexpected executable files in application directories or suspicious child processes spawned by Foxit applications.
Compensating Controls: Deploy endpoint security solutions that can detect and block unauthorized privilege escalation attempts or the execution of unsigned binaries from application-specific directories.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given that this vulnerability allows for full system compromise, it should be treated with the highest priority. Administrators should audit their environments for vulnerable versions of Foxit PDF Editor and Reader and ensure that all instances are updated to the secure versions recommended by the vendor.