Platform: windows
Component: foxit-pdf-editor
Fixed in: 2025.3.1, 14.0.3, 13.2.3
CVE-2026-3779 describes a use-after-free vulnerability affecting Foxit PDF Editor versions up to and including 2025.3. This flaw arises from the application's mishandling of page and form objects within list box calculations, retaining stale references even after deletion or recreation. Exploitation involves crafting malicious PDF documents that trigger this condition during calculation execution, potentially enabling arbitrary code execution.
An attacker could leverage this vulnerability to execute arbitrary code on a victim's system by crafting a specially designed PDF document. Upon opening the malicious document in a vulnerable Foxit PDF Editor instance, the use-after-free condition would be triggered, potentially allowing the attacker to overwrite memory and gain control of the process. The blast radius extends to any data accessible by the PDF Editor process, including sensitive documents and system resources. While no direct precedent is immediately apparent, use-after-free vulnerabilities are frequently exploited for privilege escalation and remote code execution, similar to other memory corruption exploits.
CVE-2026-3779 was publicly disclosed on 2026-04-01. There is currently no indication of active exploitation or a public proof-of-concept. The vulnerability is not listed on the CISA KEV catalog as of this writing. The CVSS score of 7.8 (HIGH) indicates a significant potential for exploitation if a suitable exploit is developed.
Exploit Status
EPSS: 0.02% (5th percentile)
CVSS Vector
The primary mitigation for CVE-2026-3779 is to upgrade Foxit PDF Editor to a version that addresses the vulnerability. Foxit has not yet released a fixed version, so users should monitor Foxit's website for updates. As a temporary workaround, consider disabling JavaScript within the PDF Editor or restricting the opening of PDF documents from untrusted sources. Implement application control policies to prevent the execution of unauthorized PDF readers. Regularly scan systems for malicious PDF files using updated antivirus signatures.
Update Foxit PDF Editor to the latest available version. Consult the Foxit security advisory for more details and specific upgrade instructions.
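For checking a software inventory against the fixed releases, the following is an added example, not code from Foxit or from this advisory's publisher. It uses the "Fixed in" values listed at the top of this page; keying them by major version, the inventory row format, and the sample rows are assumptions of the example.

```python
# Added example: flag Foxit PDF Editor installs that predate the CVE-2026-3779 fixes.
# FIXED_IN holds the "Fixed in" values from this advisory; keying them by major
# version (release branch) is an assumption of this example.
FIXED_IN = {2025: (2025, 3, 1), 14: (14, 0, 3), 13: (13, 2, 3)}

# Constructed sample inventory rows (hostname, product, version); not real data.
SAMPLE_INVENTORY = [
    ("ws-001", "foxit-pdf-editor", "2025.3.0.1234"),
    ("ws-002", "foxit-pdf-editor", "2025.3.1"),
    ("ws-003", "foxit-pdf-editor", "14.0.2"),
    ("ws-004", "foxit-pdf-editor", "13.2.3.9"),
    ("ws-005", "foxit-pdf-editor", "12.1.0"),
    ("ws-006", "foxit-pdf-editor", "unknown"),
    ("ws-007", "other-pdf-tool", "1.0"),
]


def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text):
    """Return 'patched', 'vulnerable', 'no-fix-listed' or 'unparsed'."""
    version = parse_version(version_text)
    if version is None:
        return "unparsed"  # cannot be compared; needs manual review
    fixed = FIXED_IN.get(version[0])
    if fixed is None:
        # No fixed release listed for this branch. Assumption: majors newer than
        # the newest listed branch carry the fix; older branches stay affected.
        return "patched" if version[0] > max(FIXED_IN) else "no-fix-listed"
    # Pad to at least three components so "2025.3" compares as 2025.3.0.
    padded = (version + (0, 0))[:max(3, len(version))]
    return "patched" if padded >= fixed else "vulnerable"


def needs_action(inventory, product="foxit-pdf-editor"):
    """Return (host, version, status) for every install that is not patched."""
    return [(h, v, classify(v)) for h, p, v in inventory
            if p == product and classify(v) != "patched"]


if __name__ == "__main__":
    for row in needs_action(SAMPLE_INVENTORY):
        print(*row)
```

Hosts reported as no-fix-listed or unparsed still need attention: the first is on a branch with no fixed release named on this page, the second has a version string that could not be compared.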
CVE-2026-3779 is a use-after-free vulnerability in Foxit PDF Editor versions up to 2025.3. Malicious PDF documents can trigger this, potentially leading to arbitrary code execution.
If you are using Foxit PDF Editor versions 2025.3 or earlier, you are potentially affected by this vulnerability. Check your version and upgrade as soon as a patch is available.
Upgrade Foxit PDF Editor to a patched version. Monitor Foxit's website for updates. As a temporary workaround, disable JavaScript or restrict opening PDFs from untrusted sources.
As of now, there is no indication of active exploitation or a public proof-of-concept, but the HIGH severity score warrants caution.
Please refer to the official Foxit website and security advisories for the latest information and updates regarding CVE-2026-3779.