Pointer Handling Vulnerability in Unity 3D by Foxit Software
CVE-2026-57260

7.8HIGH

Key Information:

Vendor

Foxit Inc.

Vendor
CVE Published:
8 July 2026

What is CVE-2026-57260?

A vulnerability exists in Foxit PDF Reader related to the parsing of PDF files containing abnormal Unity 3D objects. When the application encounters such files, it incorrectly interprets part of the abnormal object as a pointer. This mistake allows the software to believe it is working with a valid address, leading to an application crash when the address is accessed. Such vulnerabilities can potentially be exploited to disrupt the user experience and compromise application stability.

Affected Version(s)

Foxit PDF Editor MacOS Versions 2026.1.1 and earlier

Foxit PDF Editor MacOS Versions 14.0.3 and earlier

Foxit PDF Editor MacOS Versions 13.2.3 and earlier

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Liang Zhu
.