Foxit Patches 20 Vulnerabilities in PDF Reader and Editor, Including RCE and Privilege Escalation Flaws
Foxit has released critical security updates addressing 20 vulnerabilities in its PDF Reader and Editor for Windows and macOS, with several allowing for remote code execution.

Foxit has issued a significant security update, patching a total of 20 vulnerabilities affecting its widely-used PDF Reader and PDF Editor applications. The vulnerabilities, which span multiple versions for both Windows and macOS, include numerous flaws capable of leading to arbitrary code execution when a user opens a specially crafted PDF file. This release underscores the persistent risks associated with document parsing and the potential for malicious files to compromise user systems.
The patched vulnerabilities encompass a range of memory corruption and parsing bugs, such as use-after-free, out-of-bounds read and write errors, buffer copy issues, type confusion, and improper array index validation. Attackers can exploit these flaws by embedding malicious content within PDF documents, leveraging elements like embedded JavaScript, malformed annotations, corrupted signature fields, or deceptive XDP content. The ability to achieve arbitrary code execution through document opening makes these vulnerabilities particularly dangerous, as PDF readers are frequently targeted in phishing campaigns.
Beyond remote code execution, some of the disclosed flaws can also lead to information disclosure, application crashes, or privilege escalation, depending on the specific vulnerability and the nature of the malicious PDF used. Several of these vulnerabilities have been assigned a CVSS score of 7.8, indicating a high severity. The update also addresses a critical local privilege escalation vulnerability in Foxit's update mechanism, which had a CVSS score of 8.2. This specific flaw could allow an attacker to load malicious DLLs or executables with elevated privileges during the update checking process, posing a system-level risk.
Multiple security researchers and groups, including Trend Micro's Zero-Day Initiative and Cisco Talos, were credited for discovering and reporting these issues to Foxit. The fixes are included in Foxit PDF Reader version 2026.1.2 and Foxit PDF Editor version 2026.1.2 for Windows, along with corresponding updates for Mac versions. Affected products include older builds across various product lines, such as 2026.x, 2025.x, 2024.x, 2023.x, 14.x, and some 13.x builds, depending on the specific product and operating system.
Foxit strongly recommends that users update their software immediately. This can be done either through the built-in "Check for Update" feature within the applications or by downloading the latest versions directly from the Foxit website. Given that the vulnerabilities affect document parsing and JavaScript execution capabilities, it is crucial to patch before opening any untrusted PDF files, especially those received via email or messaging applications.
This extensive patch release highlights the ongoing challenges in securing complex software like PDF readers, which are essential tools for many users and organizations. The combination of remote code execution and privilege escalation vulnerabilities presents a significant threat landscape, emphasizing the need for prompt patching and vigilance against malicious document-based attacks. Security teams should prioritize this update to mitigate the risks associated with these critical flaws.