CVE-2026-57254 PUBLISHED

Foxit PDF Editor/Reader Annotation Type Confusion Vulnerability

Assigner: Foxit
Reserved: 24.06.2026 Published: 08.07.2026 Updated: 08.07.2026

There is an abnormal annotation within the PDF that is referenced by other objects. When the application parses the PDF, it fails to perform proper type checking, ultimately causing the application to crash.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS Score: 7.8

Product Status

Vendor Foxit Software Inc.
Product Foxit PDF Editor
Versions Default: unaffected
  • Version Versions 2026.1.1 and earlier is affected
  • Version Versions 14.0.4 and earlier is affected
  • Version Versions 13.2.4 and earlier is affected
Vendor Foxit Software Inc.
Product Foxit PDF Reader
Versions Default: unaffected
  • Version Versions 2026.1.1 and earlier is affected

Credits

  • XuPeng finder

References

Problem Types

  • Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843) CWE

Impacts

  • Potential arbitrary code execution