securityonline.info 7/8/2026, 5:08:10 PM · external

Foxit PDF Reader flaws expose users to arbitrary code execution

Foxit PDF Reader flaws expose users to arbitrary code execution

THE content discusses critical vulnerabilities in Foxit PDF Reader and PDF Editor, particularly after the release of version 2026.1.2, which fixes 28 security flaws, with 20 potentially allowing arbitrary code execution when a user opens a malicious PDF. Key vulnerabilities include CVE-2026-48908, CVE-2026-55255, CVE-2026-56290, and CVE-2026-48282, among others. The flaws primarily stem from use-after-free issues that lead to exploitation through crafted JavaScript in PDFs.

Special focus is given to a local privilege escalation flaw that can grant SYSTEM rights to an attacker. Users are strongly urged to update to the latest version or, while awaiting updates, to keep Safe Reading Mode active to mitigate risks.

View full article

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline