MEDIUMCVE-2026-3777CVSS 5.5

CVE-2026-3777: Use-After-Free in Foxit PDF Editor

Platform

windows

Component

foxit-pdf-editor

Fixed in

2025.3.1

14.0.3

13.2.3

2025.3.1

AI Confidence: highNVDEPSS 0.0%Reviewed: May 2026

View on NVD

Save

CVE-2026-3777 describes a Use-After-Free vulnerability affecting Foxit PDF Editor versions up to 2025.3. This flaw arises from insufficient validation of view cache pointers after JavaScript modifications to document zoom and page state. Successful exploitation could lead to arbitrary code execution, allowing attackers to compromise the system. A patch is available from Foxit.

Impact and Attack Scenarios

An attacker could exploit this vulnerability by crafting malicious JavaScript within a PDF document. This script would manipulate the document's zoom level and trigger a page change, creating a scenario where a view object is prematurely destroyed while stale pointers remain active. Subsequent dereferencing of these stale pointers results in a use-after-free condition. This condition can be leveraged to overwrite memory regions, potentially allowing the attacker to inject and execute arbitrary code on the affected system. The blast radius extends to any user opening the malicious PDF, and the impact could range from information theft to complete system compromise. While no direct precedent is immediately apparent, the use-after-free nature of the vulnerability aligns with common exploitation techniques used in other PDF parsing libraries.

Exploitation Context

CVE-2026-3777 was publicly disclosed on 2026-04-01. The vulnerability's severity is rated as MEDIUM (CVSS 5.5). As of this writing, there are no publicly available proof-of-concept exploits. The vulnerability has not been added to the CISA KEV catalog. Active exploitation campaigns are currently unconfirmed, but the potential for exploitation exists given the availability of PDF editing tools and the complexity of PDF parsing.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown

CISA KEVNO

Internet ExposureLow

Reports1 threat report

EPSS

0.02% (4% percentile)

CISA SSVC

Exploitationnone

Automatableno

Technical Impactpartial

CVSS Vector

What do these metrics mean?

Attack Vector: Local — attacker needs a local shell or interactive session on the system.
Attack Complexity: Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required: None — unauthenticated. No login or credentials needed to exploit.
User Interaction: Required — victim must take an action: open a file, click a link, or visit a crafted page.
Scope: Unchanged — impact is limited to the vulnerable component itself.
Confidentiality: None — no confidentiality impact. Attacker cannot read protected data.
Integrity: None — no integrity impact. Attacker cannot modify data.
Availability: High — complete crash or resource exhaustion. Full denial of service.

Affected Software

Componentfoxit-pdf-editor

VendorFoxit Software Inc.

Affected rangeFixed in

Versions 2025.3 and earlier – Versions 2025.3 and earlier2025.3.1

Versions 14.0.2 and earlier – Versions 14.0.2 and earlier14.0.3

Versions 13.2.2 and earlier – Versions 13.2.2 and earlier13.2.3

Versions 2025.3 and earlier – Versions 2025.3 and earlier2025.3.1

Weakness Classification (CWE)

CWE-416

Timeline

Reserved2026-03-08
Published2026-04-01
Modified2026-04-02
EPSS updated2026-04-08

Unpatched — 53 days since disclosure

Mitigation and Workarounds

The primary mitigation for CVE-2026-3777 is to upgrade to a patched version of Foxit PDF Editor. Foxit has released a fix, and users are strongly advised to apply it promptly. If immediate upgrading is not possible due to compatibility issues or testing requirements, consider implementing temporary workarounds. While a WAF or proxy cannot directly prevent this client-side vulnerability, strict content security policies (CSP) within the PDF viewer could limit the impact of malicious JavaScript. Disable JavaScript execution within Foxit PDF Editor if it is not essential for your workflow. Regularly scan PDF documents from untrusted sources for malicious content using antivirus or sandboxing solutions.

How to fix

Update Foxit PDF Editor/Reader to the latest available version. This will fix the use-after-free vulnerability that could allow arbitrary code execution.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2026-3777 — Use-After-Free in Foxit PDF Editor?

CVE-2026-3777 is a medium-severity vulnerability in Foxit PDF Editor versions 2025.3 and earlier. It allows for potential arbitrary code execution through crafted JavaScript manipulating zoom and page state.

Am I affected by CVE-2026-3777 in Foxit PDF Editor?

You are affected if you are using Foxit PDF Editor versions 2025.3 or earlier. Check your version and upgrade as soon as possible.

How do I fix CVE-2026-3777 in Foxit PDF Editor?

Upgrade to the latest version of Foxit PDF Editor, which includes a patch for this vulnerability. If upgrading is not immediately possible, consider temporary workarounds like disabling JavaScript.

Is CVE-2026-3777 being actively exploited?

Active exploitation campaigns are currently unconfirmed, but the potential for exploitation exists given the nature of the vulnerability.

Where can I find the official Foxit advisory for CVE-2026-3777?

Refer to the official Foxit security advisory for detailed information and the latest updates on this vulnerability. Check the Foxit website for security announcements.

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan free Search CVEs