PatchSiren cyber security CVE debrief
CVE-2026-12057 Foxit Software Inc. CVE debrief
A HIGH severity vulnerability, tracked as CVE-2026-12057 with a CVSS score of 8.6, was discovered in a product whose vendor is listed as 'Unknown Vendor'. When the application executes JavaScript embedded in a PDF inside its sandbox, the sandbox fails to intercept some dangerous interfaces. This allows remote scripts to be loaded, resulting in arbitrary code execution.
- Vendor: Foxit Software Inc.
- Product: Foxit AI
- CVSS: HIGH 8.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Users of the affected Unknown Vendor product should consider applying patches or mitigations to prevent exploitation.
Technical summary
The application's sandbox fails to intercept some dangerous interfaces when it executes JavaScript embedded in PDFs. This allows remote scripts to be loaded, resulting in arbitrary code execution.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates provided by the vendor, if available.
- Consider using alternative products or workarounds until a patch is available.
- Monitor the vendor's security bulletins for updates on this vulnerability.
Evidence notes
The vendor is currently listed as 'Unknown Vendor', but evidence suggests the product may be related to Foxit.
Official resources
- CVE-2026-12057 CVE record (CVE.org)
- CVE-2026-12057 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 14984358-7092-470d-8f34-ade47a7658a2
CVE-2026-12057 was published on 2026-06-15T12:16:23.050Z and has not been modified since then.