PatchSiren cyber security CVE debrief
CVE-2026-57237 Foxit Software Inc. CVE debrief
A high-severity vulnerability, CVE-2026-57237, was found in an application that causes a crash when opening a PDF and JavaScript modifies form field properties. The vulnerability has a CVSS score of 7.8 and is classified as HIGH. The affected application fails to handle JavaScript modifications to form field properties in PDFs, leading to an invalid state of underlying objects and eventually causing the application to crash. Users of the affected application, particularly those who handle PDF files, should be aware of this vulnerability and take necessary precautions.
- Vendor
- Foxit Software Inc.
- Product
- Foxit PDF Editor
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-08
- Original CVE updated
- 2026-07-08
- Advisory published
- 2026-07-08
- Advisory updated
- 2026-07-08
Who should care
Users of the affected application, particularly those who handle PDF files, should be aware of this vulnerability and take necessary precautions. This includes administrators, security teams, and operators who manage or interact with the affected application. They should assess their exposure, apply vendor patches or updates when available, and implement compensating controls to mitigate the risk.
Technical summary
The application fails to handle JavaScript modifications to form field properties in PDFs, leading to an invalid state of underlying objects and eventually causing the application to crash. The CVSS vector is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability has a CVSS score of 7.8 and is classified as HIGH. The affected application and its users are at risk of potential crashes and exploitation.
Defensive priority
High-priority defensive actions are recommended to mitigate the risk of this vulnerability.
Recommended defensive actions
- Inventory and verify affected application versions
- Apply vendor patches or updates when available
- Implement compensating controls, such as restricting JavaScript execution in PDFs
- Monitor for suspicious PDF file activity
- Conduct regular security audits and vulnerability assessments
- Review and update incident response plans
- Verify and document remediation efforts
Evidence notes
The CVE record was published on 2026-07-08T09:16:31.577Z and has not been modified since then. The NVD entry is currently Received. There is limited information available about the vulnerability, and defenders should verify the affected application versions and assess their exposure. The vulnerability has a CVSS score of 7.8 and is classified as HIGH. Evidence is limited to CVE and NVD details.
Official resources
-
CVE-2026-57237 CVE record
CVE.org
-
CVE-2026-57237 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
14984358-7092-470d-8f34-ade47a7658a2
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T09:16:31.577Z and has not been modified since then. The NVD entry is currently Received.