CVE-2026-57249
Foxit · Foxit PDF Editor and Foxit PDF Reader
A use-after-free vulnerability in Foxit PDF Editor and Reader allows attackers to execute arbitrary code via a malicious PDF file that resets annotation status and triggers a form reset event.
Executive summary
A critical use-after-free vulnerability in Foxit PDF software could allow a remote attacker to achieve arbitrary code execution through a specially crafted PDF document.
Vulnerability
This vulnerability (CWE-416) involves a use-after-free condition triggered when the application processes a PDF that resets annotation status and subsequently invokes a form reset event. The attack requires user interaction, such as opening a malicious file, and does not require prior authentication.
Business impact
Successful exploitation allows an attacker to gain control over the affected system, potentially leading to unauthorized data access, malware installation, or system compromise. With a CVSS score of 7.8, this flaw represents a significant risk to organizational endpoints, particularly in environments where users frequently interact with untrusted PDF documents.
Remediation
Immediate Action: Update Foxit PDF Editor and Reader to the latest versions provided by the vendor as soon as they become available.
Proactive Monitoring: Monitor endpoint logs for abnormal application crashes or unexpected child processes spawned by the PDF reader.
Compensating Controls: Deploy endpoint protection solutions capable of detecting memory corruption patterns and restrict user permissions to limit the impact of potential code execution.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the potential for arbitrary code execution, this vulnerability poses a high risk to the integrity and security of workstations. Administrators must prioritize patching these versions across all managed endpoints to mitigate the threat of memory corruption attacks.