CVE-2026-3775 PUBLISHED

Foxit PDF Editor/Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Assigner: Foxit
Reserved: 08.03.2026 Published: 01.04.2026 Updated: 01.04.2026

The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user‑writable locations, a local attacker can place a malicious library there and have it loaded with SYSTEM privileges, resulting in local privilege escalation and arbitrary code execution.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 7.8

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Foxit Software Inc.
Product	Foxit PDF Editor
Versions	Default: unaffected Version Versions 2025.3 and earlier is affected

Vendor	Foxit Software Inc.
Product	Foxit PDF Reader
Versions	Default: unaffected Version Versions 2025.3 and earlier is affected

References

https://www.foxit.com/support/security-bulletins.html

Problem Types

CWE-427: DLL Hijacking CWE

Impacts

Potential arbitrary code execution