PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-57237 Foxit Software Inc. CVE debrief

A high-severity vulnerability, CVE-2026-57237, was found in an application that causes a crash when opening a PDF and JavaScript modifies form field properties. The vulnerability has a CVSS score of 7.8 and is classified as HIGH. The affected application fails to handle JavaScript modifications to form field properties in PDFs, leading to an invalid state of underlying objects and eventually causing the application to crash. Users of the affected application, particularly those who handle PDF files, should be aware of this vulnerability and take necessary precautions.

Vendor
Foxit Software Inc.
Product
Foxit PDF Editor
CVSS
HIGH 7.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-08
Original CVE updated
2026-07-08
Advisory published
2026-07-08
Advisory updated
2026-07-08

Who should care

Users of the affected application, particularly those who handle PDF files, should be aware of this vulnerability and take necessary precautions. This includes administrators, security teams, and operators who manage or interact with the affected application. They should assess their exposure, apply vendor patches or updates when available, and implement compensating controls to mitigate the risk.

Technical summary

The application fails to handle JavaScript modifications to form field properties in PDFs, leading to an invalid state of underlying objects and eventually causing the application to crash. The CVSS vector is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability has a CVSS score of 7.8 and is classified as HIGH. The affected application and its users are at risk of potential crashes and exploitation.

Defensive priority

High-priority defensive actions are recommended to mitigate the risk of this vulnerability.

Recommended defensive actions

  • Inventory and verify affected application versions
  • Apply vendor patches or updates when available
  • Implement compensating controls, such as restricting JavaScript execution in PDFs
  • Monitor for suspicious PDF file activity
  • Conduct regular security audits and vulnerability assessments
  • Review and update incident response plans
  • Verify and document remediation efforts

Evidence notes

The CVE record was published on 2026-07-08T09:16:31.577Z and has not been modified since then. The NVD entry is currently Received. There is limited information available about the vulnerability, and defenders should verify the affected application versions and assess their exposure. The vulnerability has a CVSS score of 7.8 and is classified as HIGH. Evidence is limited to CVE and NVD details.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T09:16:31.577Z and has not been modified since then. The NVD entry is currently Received.