www.securityweek.com 2/18/2026, 1:31:13 PM · via preferred

Vulnerabilities in Popular PDF Platforms Allowed Account Takeover, Data Exfiltration

Novee researchers identified 16 vulnerabilities across Foxit and Apryse PDF tools that could have been exploited via malicious documents or URLs, potentially enabling account takeover, data exfiltration, and other attacks. The findings, disclosed in mid-February 2026, followed Novee’s emergence from stealth mode in January 2026 with over $51 million in funding.

The vulnerabilities were found across Apryse WebViewer and Foxit PDF cloud services, with one critical and two high-severity flaws in Apryse, and two high-severity and 11 medium-severity issues in Foxit. The flaws include DOM XSS, SSRF, stored and reflected XSS, path traversal, and OS command injection vulnerabilities, which could be exploited via specially crafted documents, URLs, or messages to execute arbitrary code or commands.

In scenarios where PDF viewers are embedded in authenticated applications, attackers could leverage XSS weaknesses to take over accounts, exfiltrate sensitive data, manipulate documents, or achieve persistent compromise. Foxit and Apryse patched the reported vulnerabilities after responsible disclosure, and SecurityWeek has reached out for comment.

Article by CyberSIXT