JavaScript Execution Flaw in PDF Application by Foxit
CVE-2026-57256

7.8HIGH

Key Information:

Vendor

Foxit Inc.

Vendor
CVE Published:
8 July 2026

What is CVE-2026-57256?

A flaw exists in the Foxit PDF application where the handling of JavaScript within PDF files can lead to abnormal operations on list box fields. Upon executing embedded JavaScript, the application fails to properly validate form objects and their internal pointers. This oversight allows for illegal pointer readings, resulting in application crashes. After the form is reset, these problematic operations can be repeated, heightening the risk of instability in the application.

Affected Version(s)

Foxit PDF Editor MacOS Versions 2026.1.1 and earlier

Foxit PDF Editor MacOS Versions 14.0.3 and earlier

Foxit PDF Editor Windows Versions 2026.1.1 and earlier

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

KPC of Cisco Talos
.