Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Local file open with user interaction (AV:L, UI:R), no privileges needed (PR:N), low complexity once PDF is opened, and full code execution yields C:H/I:H/A:H.
Primary rating from Vendor (Foxit).
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionNVD
When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arbitrary code execution.
AnalysisAI
Arbitrary code execution in Foxit AI (versions before 2026-06-15) occurs when the application processes JavaScript embedded in a PDF inside its sandbox but fails to intercept dangerous interfaces, permitting remote script loading. A user must open a malicious PDF for exploitation to succeed, and no public exploit identified at time of analysis with EPSS at only 0.13%. SSVC reports total technical impact but no observed exploitation.
Technical ContextAI
Foxit AI integrates JavaScript processing for PDF documents, executing scripts inside a sandbox intended to constrain access to host resources. CWE-829 (Inclusion of Functionality from Untrusted Control Sphere) identifies the root cause: the sandbox does not fully mediate certain JavaScript interfaces, allowing the embedded script to fetch and execute remote payloads from attacker-controlled origins. Affected products per CPE are cpe:2.3:a:foxit_software_inc.:foxit_ai:*:*:*:*:*:*:*:*, indicating all Foxit AI builds prior to the fix date are in scope.
RemediationAI
Patch available per vendor advisory: upgrade Foxit AI to a build dated 2026-06-15 or later per the Foxit security bulletin at https://www.foxit.com/support/security-bulletins.html. Until upgrade is possible, disable JavaScript execution in PDF preferences (this breaks legitimate interactive forms and dynamic content), block opening of PDFs from untrusted sources at the email gateway and web proxy, and restrict outbound network access from the Foxit AI process so the sandbox cannot reach attacker-controlled script hosts - note that endpoint egress filtering may break other legitimate remote-content features. User-awareness reminders to avoid opening unsolicited PDFs are a partial compensating control given the UI:R requirement.
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36715
GHSA-9jq6-3jwj-jrfh