CVE-2026-57238
HIGH
7.8
CVSS 3.1
Description
After the application opened the PDF, JavaScript deleted the form field object. Subsequently, it attempted to access the invalid object, which caused the application to crash.
Metadata
Severity & Metrics
7.8
HIGH CVSS 3.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SSVC — CISA Coordinator
Affected products (2)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Foxit Software Inc. | Foxit PDF Editor | Windows | Versions 2026.1.1 and earlier, Versions 14.0.4 and earlier, Versions 13.2.4 and earlier |
| Foxit Software Inc. | Foxit PDF Reader | Windows | Versions 2026.1.1 and earlier |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-416 | cna | CWE-416 Use after free |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 7.8 | HIGH | 3.1 | cna | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
References (1)