Severity by source
AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content groups (OCGs) immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing redaction, encryption, and printing logic, which, under specific document structures and user workflows, may cause a small amount of sensitive content to remain unremoved or unencrypted as expected, or result in printed output that slightly differs from what was reviewed on screen.
AnalysisAI
Foxit PDF Editor allows PDF JavaScript and document actions (WillPrint/DidPrint) to modify form fields, annotations, and optional content groups immediately before or after redaction, encryption, or printing, potentially causing sensitive content to remain visible or unencrypted despite user expectations. The vulnerability affects all versions of Foxit PDF Editor and requires local access with user interaction (opening a malicious PDF). CVSS score is 4.7 with high confidentiality impact; no public exploit code or active exploitation (CISA KEV) has been identified at the time of analysis.
Technical ContextAI
The vulnerability exists in Foxit PDF Editor's implementation of PDF document processing, specifically in the JavaScript execution engine and its integration with PDF redaction, encryption, and printing workflows. PDF JavaScript can be embedded in documents and triggered by application actions (WillPrint, DidPrint events) that execute during the redaction, encryption, or print preparation phases. The root cause (CWE-200: Exposure of Sensitive Information to an Unauthorized Actor) stems from insufficient validation and sequencing controls: the redaction, encryption, and printing logic does not properly account for or prevent script-driven modifications to document state during these critical security operations. This allows an attacker to craft a PDF where JavaScript updates form field values, annotation content, or optional content group visibility states in a narrow window of execution, bypassing the intended redaction or encryption coverage. The vulnerability is specific to how Foxit's PDF engine handles the interaction between JavaScript execution contexts and the atomic redaction/encryption/print operations.
RemediationAI
Contact Foxit Software or visit their security bulletins page (https://www.foxit.com/support/security-bulletins.html) to identify the patched version for your Foxit PDF Editor installation and download the update immediately. Foxit has released a security bulletin addressing this vulnerability; apply the vendor-recommended patch to all affected installations. As an interim measure, avoid opening untrusted PDF documents in Foxit PDF Editor and disable JavaScript execution in PDF documents if not required for your workflow (check Foxit settings under Preferences > Security or equivalent). Do not rely on PDF redaction or encryption operations in Foxit PDF Editor on potentially malicious documents until patched.
More in Foxit Pdf Editor
View allUse-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor lets a crafted PDF containing JavaScript trigg
Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1/14.0.4 and earlier) allows
Denial-of-service (and potential memory-corruption) in Foxit PDF Editor (≤14.0.4 / ≤13.2.4 / ≤2026.1.1) and Foxit PDF Re
Denial-of-service in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1 and earlier) occurs when a victim opens a
Memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1, 13.2.4, 14.0.4 and earlier) allows attack
Memory corruption in Foxit PDF Reader and Foxit PDF Editor allows a crafted PDF to trigger a use-after-free through the
Use-after-free memory corruption in Foxit PDF Reader (2026.1.1 and earlier) and Foxit PDF Editor (through 14.0.4, 13.2.4
Memory corruption in Foxit PDF Reader (≤2026.1.1) and Foxit PDF Editor (≤14.0.4, ≤13.2.4, and ≤2026.1.1) allows an attac
Memory-corruption (buffer overflow) in Foxit PDF Reader and Foxit PDF Editor arises when the digital-signature plugin pr
Memory-corruption crash (and potential code execution) in Foxit PDF Reader and Foxit PDF Editor occurs when a PDF's embe
Use-after-free memory corruption in Foxit PDF Editor and Foxit PDF Reader allows a crafted PDF to crash the application
Denial of service in Foxit PDF Editor and Foxit PDF Reader arises when the application renders a PDF containing cloud-st
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17749
GHSA-whcx-f2rj-66hj