CVE-2026-57252
Foxit · Foxit PDF Editor
A use-after-free vulnerability exists in Foxit PDF Editor and Reader, where processing malicious JavaScript while deleting pages and annotations leads to an application crash or potential code execution.
Executive summary
A critical use-after-free vulnerability in Foxit PDF Editor and Reader allows an attacker to trigger a crash or potentially execute arbitrary code via a specially crafted PDF file.
Vulnerability
This is a use-after-free (CWE-416) vulnerability triggered when the application's JavaScript engine handles specific page deletions and annotation removals, causing the attachment panel to access invalid memory pointers. Exploitation requires user interaction to open a malicious document.
Business impact
The CVSS score of 7.8 (High) reflects the potential for full compromise of confidentiality, integrity, and availability if the use-after-free condition is leveraged for arbitrary code execution. Successful exploitation could lead to unauthorized access to sensitive documents, installation of malware, or complete system instability, disrupting business operations.
Remediation
Immediate Action: Update Foxit PDF Editor and Reader to the latest versions provided by the vendor to resolve the memory management flaw.
Proactive Monitoring: Monitor endpoint logs for abnormal application termination events or unexpected process behavior associated with PDF document processing.
Compensating Controls: Disable JavaScript execution within PDF reader settings if such functionality is not required for daily business tasks.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the severity of use-after-free vulnerabilities, organizations should prioritize patching affected Foxit installations. Administrators are encouraged to verify the vendor’s security bulletin for specific version releases and deploy updates across the enterprise immediately.