Multiple Vulnerabilities Disclosed in Foxit PDF Reader and Editor
German authorities published advisories for multiple vulnerabilities affecting Foxit PDF Reader and Foxit PDF Editor, indicating ongoing security issues across the vendor's desktop PDF products. The notices identify separate advisory entries, 2026-0914 and 2026-1256, covering flaws in both Reader and Editor and signaling that organizations using Foxit software should review the affected versions and available vendor guidance.
The repeated disclosures suggest a broader patch-management concern for enterprises that rely on Foxit for document handling, particularly because PDF applications are common targets for malicious document-based exploitation. Security teams should prioritize validating installed Foxit versions, applying relevant updates, and monitoring for suspicious PDF-related activity on endpoints where Foxit Reader or Editor is deployed.
Timeline
Apr 27, 2026
dCERT publishes Foxit PDF Reader and Editor vulnerability advisory 2026-1256
dCERT published advisory 2026-1256 describing multiple vulnerabilities in Foxit PDF Reader and Editor, indicating a new disclosure or update affecting the products.
Mar 31, 2026
dCERT publishes Foxit PDF Editor and Reader vulnerability advisory 2026-0914
dCERT published advisory 2026-0914 covering multiple vulnerabilities affecting Foxit PDF Editor and Reader.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Organizations
Sources
Related Stories
Multiple Adobe Acrobat and Reader Flaws Enable Code Execution and Information Disclosure
German authorities issued security advisories for **Adobe Acrobat DC**, **Acrobat Reader DC**, and **Adobe Acrobat Reader** covering multiple vulnerabilities that could allow **information disclosure** and **arbitrary code execution**. One advisory specifically warned that a flaw in Adobe Acrobat Reader could expose sensitive information and be leveraged for code execution, raising the risk of compromise when users open maliciously crafted PDF files. A follow-up advisory expanded the scope to **multiple vulnerabilities** across Adobe’s Acrobat product line, indicating broader exposure for enterprise and end-user systems that rely on Adobe PDF software. Organizations using affected Adobe applications should prioritize vendor patches and review endpoint protections, as successful exploitation could give attackers access to data or the ability to run code on targeted systems.
2 weeks ago
Foxit PDF Editor Cloud XSS Vulnerabilities Patched
Foxit released security updates for *Foxit PDF Editor Cloud* (and related *Foxit eSign* components) to address two **cross-site scripting (XSS)** flaws that could allow **arbitrary JavaScript execution** in a victim’s browser when handling crafted content. The issues are tracked as **CVE-2026-1591** and **CVE-2026-1592** (both **CWE-79**) and were attributed to insufficient input validation and improper output encoding that allowed untrusted data to be embedded into the application’s HTML. The vulnerable functionality includes the **File Attachments list** and **Layers panel**, where attackers could inject payloads via crafted attachment filenames or manipulated layer names inside PDFs, requiring **user interaction** (e.g., opening/interacting with malicious documents) and typically **authenticated** access. Both CVEs are rated **moderate severity** with **CVSS v3.0 6.3**; exploitation could expose sensitive information available to the user’s session (e.g., document contents and session data). Foxit’s guidance is to ensure affected services are updated; the most recent referenced update for PDF Editor Cloud was released **February 3, 2026**.
1 months ago
16 Vulnerabilities in Apryse WebViewer and Foxit PDF Cloud Services Enable Account Takeover and Data Theft
Researchers at **Novee** reported **16 vulnerabilities** affecting widely deployed PDF platforms **Apryse WebViewer** (formerly PDFTron) and **Foxit PDF cloud services/SDK components**, warning they could be exploited for **account hijacking, data theft, and in some cases remote code execution**. Reported issue classes include **DOM-based, stored, and reflected XSS**, **server-side request forgery (SSRF)**, **path traversal**, and **OS command injection**; testing indicated attackers could trigger exploitation via **crafted documents, messages, or URLs**, with elevated risk when these viewers are embedded inside **authenticated enterprise applications** and trusted domains. Technical details highlighted that Apryse WebViewer spans multiple trust boundaries (a React-based iframe UI ingesting untrusted inputs such as query strings and `postMessage`, a JavaScript/WebAssembly document engine, and server-side SDK services), and that insufficient validation across these boundaries enabled exploitation paths. The most severe issue described was a **critical OS command injection (CVSS 9.8)** in Foxit’s Node.js signature server component, where a POST body parameter was reportedly concatenated into a command execution path. Both **Apryse** and **Foxit** stated the findings were **responsibly disclosed** and addressed via **patches, updates, and configuration changes**, with additional security hardening performed during remediation.
1 months ago