Skip to main content

Foxit Pdf Editor CVE-2026-3774

| EUVDEUVD-2026-17749 MEDIUM
Information Exposure (CWE-200)
2026-04-01 Foxit GHSA-whcx-f2rj-66hj
4.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.7 MEDIUM
AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Apr 01, 2026 - 01:45 euvd
EUVD-2026-17749
Analysis Generated
Apr 01, 2026 - 01:45 vuln.today
CVE Published
Apr 01, 2026 - 01:40 nvd
MEDIUM 4.7

DescriptionCVE.org

The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content groups (OCGs) immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing redaction, encryption, and printing logic, which, under specific document structures and user workflows, may cause a small amount of sensitive content to remain unremoved or unencrypted as expected, or result in printed output that slightly differs from what was reviewed on screen.

AnalysisAI

Foxit PDF Editor allows PDF JavaScript and document actions (WillPrint/DidPrint) to modify form fields, annotations, and optional content groups immediately before or after redaction, encryption, or printing, potentially causing sensitive content to remain visible or unencrypted despite user expectations. The vulnerability affects all versions of Foxit PDF Editor and requires local access with user interaction (opening a malicious PDF). CVSS score is 4.7 with high confidentiality impact; no public exploit code or active exploitation (CISA KEV) has been identified at the time of analysis.

Technical ContextAI

The vulnerability exists in Foxit PDF Editor's implementation of PDF document processing, specifically in the JavaScript execution engine and its integration with PDF redaction, encryption, and printing workflows. PDF JavaScript can be embedded in documents and triggered by application actions (WillPrint, DidPrint events) that execute during the redaction, encryption, or print preparation phases. The root cause (CWE-200: Exposure of Sensitive Information to an Unauthorized Actor) stems from insufficient validation and sequencing controls: the redaction, encryption, and printing logic does not properly account for or prevent script-driven modifications to document state during these critical security operations. This allows an attacker to craft a PDF where JavaScript updates form field values, annotation content, or optional content group visibility states in a narrow window of execution, bypassing the intended redaction or encryption coverage. The vulnerability is specific to how Foxit's PDF engine handles the interaction between JavaScript execution contexts and the atomic redaction/encryption/print operations.

RemediationAI

Contact Foxit Software or visit their security bulletins page (https://www.foxit.com/support/security-bulletins.html) to identify the patched version for your Foxit PDF Editor installation and download the update immediately. Foxit has released a security bulletin addressing this vulnerability; apply the vendor-recommended patch to all affected installations. As an interim measure, avoid opening untrusted PDF documents in Foxit PDF Editor and disable JavaScript execution in PDF documents if not required for your workflow (check Foxit settings under Preferences > Security or equivalent). Do not rely on PDF redaction or encryption operations in Foxit PDF Editor on potentially malicious documents until patched.

CVE-2026-57240 HIGH
7.8 Jul 08

Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor lets a crafted PDF containing JavaScript trigg

CVE-2026-13126 HIGH
7.8 Jul 08

Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1/14.0.4 and earlier) allows

CVE-2026-13127 HIGH
7.8 Jul 08

Denial-of-service (and potential memory-corruption) in Foxit PDF Editor (≤14.0.4 / ≤13.2.4 / ≤2026.1.1) and Foxit PDF Re

CVE-2026-13128 HIGH
7.8 Jul 08

Denial-of-service in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1 and earlier) occurs when a victim opens a

CVE-2026-13129 HIGH
7.8 Jul 08

Memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1, 13.2.4, 14.0.4 and earlier) allows attack

CVE-2026-57238 HIGH
7.8 Jul 08

Memory corruption in Foxit PDF Reader and Foxit PDF Editor allows a crafted PDF to trigger a use-after-free through the

CVE-2026-57242 HIGH
7.8 Jul 08

Use-after-free memory corruption in Foxit PDF Reader (2026.1.1 and earlier) and Foxit PDF Editor (through 14.0.4, 13.2.4

CVE-2026-57245 HIGH
7.8 Jul 08

Memory corruption in Foxit PDF Reader (≤2026.1.1) and Foxit PDF Editor (≤14.0.4, ≤13.2.4, and ≤2026.1.1) allows an attac

CVE-2026-57246 HIGH
7.8 Jul 08

Memory-corruption (buffer overflow) in Foxit PDF Reader and Foxit PDF Editor arises when the digital-signature plugin pr

CVE-2026-57248 HIGH
7.8 Jul 08

Memory-corruption crash (and potential code execution) in Foxit PDF Reader and Foxit PDF Editor occurs when a PDF's embe

CVE-2026-57249 HIGH
7.8 Jul 08

Use-after-free memory corruption in Foxit PDF Editor and Foxit PDF Reader allows a crafted PDF to crash the application

CVE-2026-57251 HIGH
7.8 Jul 08

Denial of service in Foxit PDF Editor and Foxit PDF Reader arises when the application renders a PDF containing cloud-st

Share

CVE-2026-3774 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy