PatchSiren cyber security CVE debrief
CVE-2026-57241 Foxit Software Inc. CVE debrief
CVE-2026-57241 is a medium-severity vulnerability that causes an application to crash due to out-of-bounds access when processing PDFs with JavaScript. The application opens a PDF and JavaScript performs operations on the page and document, causing page-related objects to lose synchronization. However, the renderer still trusts the outdated page count, leading to an application crash.
- Vendor
- Foxit Software Inc.
- Product
- Foxit PDF Editor
- CVSS
- MEDIUM 6.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-08
- Original CVE updated
- 2026-07-08
- Advisory published
- 2026-07-08
- Advisory updated
- 2026-07-08
Who should care
Users of applications that process PDFs with JavaScript should be aware of this vulnerability. Although details about affected products are limited, the CVE record indicates a MEDIUM CVSS score of 6.1.
Technical summary
The vulnerability occurs when the application processes a PDF file containing JavaScript. As JavaScript performs operations on the page and document, it causes page-related objects within the application to lose synchronization. Despite this, the renderer continues to trust the outdated page count, ultimately leading to an application crash due to out-of-bounds access. The CVSS vector for this vulnerability is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H.
Defensive priority
Apply patches or updates from the vendor as soon as available. In the meantime, consider disabling JavaScript execution in PDF files or restricting access to untrusted PDF sources.
Recommended defensive actions
- Apply patches or updates from the vendor as soon as available.
- Consider disabling JavaScript execution in PDF files if not necessary.
- Restrict access to untrusted PDF sources.
- Monitor the application for unusual crashes or behavior.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.
Evidence notes
The CVE record was published on 2026-07-08T09:16:32.040Z and has not been modified since then. The NVD entry is currently in the 'Received' status. Limited information is available about affected products, with a potential reference to Foxit.
Official resources
-
CVE-2026-57241 CVE record
CVE.org
-
CVE-2026-57241 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
14984358-7092-470d-8f34-ade47a7658a2
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T09:16:32.040Z and has not been modified since then. The NVD entry is currently in the 'Received' status.