Foxit PDF Reader & Editor Patches 20 Critical RCE Flaws
Key Takeaways Foxit has issued an urgent security update addressing 20 critical remote code execution (RCE) vulnerabilities in its PDF Reader and Editor. The flaws affect multiple Windows and macOS...
Key Takeaways
- Foxit has issued an urgent security update addressing 20 critical remote code execution (RCE) vulnerabilities in its PDF Reader and Editor.
- The flaws affect multiple Windows and macOS versions of Foxit PDF Reader and Editor, including older product lines.
- Many vulnerabilities carry CVSS scores up to 8.2 and can be exploited by opening specially crafted PDF files or through a local privilege escalation in the update mechanism.
- Users are strongly advised to update immediately to Foxit PDF Reader 2026.1.2 and Foxit PDF Editor 2026.1.2 (or later for Mac) to mitigate significant security risks.
Foxit has released a crucial security patch, addressing a total of 20 remote code execution (RCE) vulnerabilities across its widely used Foxit PDF Reader and Foxit PDF Editor applications. Users are urged to apply these updates without delay to protect their systems.
Table Of Content
The comprehensive security release, dated July 8, 2026, targets multiple versions of both products on Windows and macOS platforms. Several of these vulnerabilities are classified as “Important” and could enable arbitrary code execution on affected systems.
The patch resolves a wide array of memory corruption and parsing errors, including common security pitfalls such as use-after-free, out-of-bounds read and write operations, buffer copy errors, type confusion, and improper array index validation.
Many of these critical flaws can be triggered simply by opening a maliciously crafted PDF document. Such malicious files might contain embedded JavaScript, abnormal annotations, malformed page trees, corrupted signature fields, or deceptive XDP content designed to exploit these vulnerabilities.
Beyond document-related risks, Foxit also addressed a local privilege escalation vulnerability within its update mechanism. This particular flaw could allow the update service to load malicious DLLs or executables with elevated privileges during routine update checks, posing a significant system-level exposure.
Critical Flaws in Foxit PDF Reader and Editor
The most severe vulnerabilities outlined in this update could permit an attacker to execute arbitrary code remotely on a victim’s machine merely by having them open a specially crafted PDF. This scenario is particularly dangerous given that PDF readers are frequently exploited targets in sophisticated phishing campaigns.
Depending on the specific flaw and the malicious file content used, some issues could also lead to information disclosure, application crashes, or even privilege escalation, granting attackers greater control over the compromised system.
Several of the addressed vulnerabilities received CVSS scores of 7.8, indicating their high severity. The privilege escalation flaw in the update path, however, was assigned an even higher CVSS score of 8.2, underscoring the critical nature of this security release.
Detailed Vulnerability Breakdown
The following table provides a summary of the patched vulnerabilities:
| CVE ID | CWE | Vulnerability Type | Impact |
|---|---|---|---|
| CVE-2026-13126 | CWE-416 | Use After Free | Arbitrary/Remote Code Execution |
| CVE-2026-13127 | CWE-416 | Use After Free | Arbitrary/Remote Code Execution |
| CVE-2026-13128 | CWE-416 | Use After Free | Arbitrary/Remote Code Execution |
| CVE-2026-13129 | CWE-416 | Use After Free | Arbitrary/Remote Code Execution |
| CVE-2026-57237 | CWE-416 | Use After Free | Arbitrary/Remote Code Execution |
| CVE-2026-57238 | CWE-416 | Use After Free | Arbitrary/Remote Code Execution |
| CVE-2026-57240 | CWE-416 | Use After Free | Arbitrary/Remote Code Execution |
| CVE-2026-57242 | CWE-416 | Use After Free | Arbitrary/Remote Code Execution |
| CVE-2026-57244 | CWE-416 | Use After Free | Arbitrary/Remote Code Execution |
| CVE-2026-57245 | CWE-416 | Use After Free | Arbitrary/Remote Code Execution |
| CVE-2026-57247 | CWE-416 | Use After Free | Arbitrary/Remote Code Execution |
| CVE-2026-57249 | CWE-416 | Use After Free | Arbitrary/Remote Code Execution |
| CVE-2026-57250 | CWE-416 | Use After Free | Arbitrary/Remote Code Execution |
| CVE-2026-57252 | CWE-416 | Use After Free | Arbitrary/Remote Code Execution |
| CVE-2026-57256 | CWE-416 | Use After Free | Arbitrary/Remote Code Execution |
| CVE-2026-57246 | CWE-120 | Buffer Copy without Size Check | Arbitrary Code Execution |
| CVE-2026-57248 | CWE-763 | Release of Invalid Pointer | Arbitrary Code Execution |
| CVE-2026-57251 | CWE-129 | Improper Validation of Array Index | Arbitrary Code Execution |
| CVE-2026-57254 | CWE-843 | Type Confusion | Arbitrary Code Execution |
| CVE-2026-57260 | CWE-787 | Out-of-Bounds Write | Arbitrary Code Execution |
Foxit credited multiple researchers and security groups for their contributions in identifying and reporting these issues, including Trend Zero-Day Initiative and Cisco Talos.
The fixes are incorporated into Foxit PDF Reader 2026.1.2 and Foxit PDF Editor 2026.1.2 for Windows. Corresponding updated versions have also been released for Mac users.
A broad range of older Reader and Editor builds across various product lines are identified as vulnerable, including versions 2026.x, 2025.x, 2024.x, 2023.x, 14.x, and specific 13.x builds, depending on the product and operating system.
What You Should Do
- Update Immediately: Users should update to Foxit PDF Reader 2026.1.2 and Foxit PDF Editor 2026.1.2 for Windows, or the latest corresponding Mac releases, as soon as possible.
- Utilize In-App Update: The recommended method for updating is through the “Check for Update” option within the application itself.
- Download Latest Version: Alternatively, users can download the most recent release directly from the official Foxit website.
- Exercise Caution with Untrusted PDFs: Given that many vulnerabilities are triggered by specially crafted PDF files, avoid opening untrusted PDF documents, especially those received via email or messaging applications, until the update is applied.
- Prioritize Patching: Security teams should treat this update with urgency, recognizing that PDF readers often serve as a direct attack vector between threat actors and end-users.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.