Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
A low-privileged local account is needed to plant the executable (PR:L) and a privileged process must run it (UI:R); local vector with total SYSTEM impact.
Primary rating from Vendor (Foxit).
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionNVD
The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM.
AnalysisAI
Local privilege escalation in Foxit PDF Editor and Foxit PDF Reader (Windows) lets a low-privileged user place executable files that a high-privilege process later runs directly, yielding code execution as NT AUTHORITY\SYSTEM. The flaw stems from an untrusted search path (CWE-427) where the application loads and executes attacker-writable binaries without validating their origin. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to already have a local, low-privileged account on a Windows host with Foxit PDF Editor or Foxit PDF Reader installed, plus write access to the directory from which a high-privilege Foxit process resolves and executes an executable. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals are internally consistent and point to a genuine but locally-scoped issue rather than an urgent internet-facing emergency. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A low-privileged user on a shared Windows workstation drops a malicious executable into a directory that Foxit's elevated helper process searches, then waits for or triggers the privileged process to run it. When the high-privilege process executes the planted binary, the attacker's code runs as NT AUTHORITY\SYSTEM, giving full host control. … |
| Remediation | Upgrade to the fixed Foxit builds published in the vendor security bulletin at https://www.foxit.com/support/security-bulletins.html - because the input lists only vulnerable ranges (Editor 2026.1.1/13.2.4/14.0.4 and earlier, Reader 2026.1.1 and earlier) and no exact fixed version, treat this as patch available per vendor advisory and install the next release above your branch as documented in that bulletin rather than an invented version number. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Identify all Windows systems running Foxit PDF Editor and Reader (all versions currently unpatched). …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Foxit Pdf Editor
View allUse-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor lets a crafted PDF containing JavaScript trigg
Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1/14.0.4 and earlier) allows
Denial-of-service (and potential memory-corruption) in Foxit PDF Editor (≤14.0.4 / ≤13.2.4 / ≤2026.1.1) and Foxit PDF Re
Denial-of-service in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1 and earlier) occurs when a victim opens a
Memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1, 13.2.4, 14.0.4 and earlier) allows attack
Memory corruption in Foxit PDF Reader and Foxit PDF Editor allows a crafted PDF to trigger a use-after-free through the
Use-after-free memory corruption in Foxit PDF Reader (2026.1.1 and earlier) and Foxit PDF Editor (through 14.0.4, 13.2.4
Memory corruption in Foxit PDF Reader (≤2026.1.1) and Foxit PDF Editor (≤14.0.4, ≤13.2.4, and ≤2026.1.1) allows an attac
Memory-corruption (buffer overflow) in Foxit PDF Reader and Foxit PDF Editor arises when the digital-signature plugin pr
Memory-corruption crash (and potential code execution) in Foxit PDF Reader and Foxit PDF Editor occurs when a PDF's embe
Use-after-free memory corruption in Foxit PDF Editor and Foxit PDF Reader allows a crafted PDF to crash the application
Denial of service in Foxit PDF Editor and Foxit PDF Reader arises when the application renders a PDF containing cloud-st
Same weakness CWE-427 – Uncontrolled Search Path Element
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42184
GHSA-x8h2-84hg-x9j6