CVE-2026-57239 PUBLISHED

Foxit PDF Editor/Reader Local Privilege Escalation

Assigner: Foxit
Reserved: 24.06.2026 Published: 08.07.2026 Updated: 08.07.2026

The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
CVSS Score: 8.2

Product Status

Vendor Foxit Software Inc.
Product Foxit PDF Editor
Versions Default: unaffected
  • Version Versions 2026.1.1 and earlier is affected
  • Version Versions 14.0.4 and earlier is affected
  • Version Versions 13.2.4 and earlier is affected
Vendor Foxit Software Inc.
Product Foxit PDF Reader
Versions Default: unaffected
  • Version Versions 2026.1.1 and earlier is affected

Credits

  • Luke Paris (@Paradoxis) finder

References

Problem Types

  • Uncontrolled Search Path Element (CWE‑427)

Impacts

  • Local Privilege Escalation