PatchSiren cyber security CVE debrief
CVE-2026-57252 Foxit Software Inc. CVE debrief
A high-severity vulnerability, CVE-2026-57252, was found in Foxit's PDF application. The issue causes the application to crash when a PDF file is opened and pages are deleted with attachment annotations. This vulnerability can potentially be used for malicious purposes, and users of Foxit's PDF application should be aware of this vulnerability and take necessary precautions. The vulnerability occurs due to invalid pointer access when the application attempts to delete pages with attachment annotations.
- Vendor
- Foxit Software Inc.
- Product
- Foxit PDF Editor
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-08
- Original CVE updated
- 2026-07-08
- Advisory published
- 2026-07-08
- Advisory updated
- 2026-07-08
Who should care
Users of Foxit's PDF application, particularly those who handle PDF files, should be aware of this vulnerability and take necessary precautions. This includes applying the patch provided by the vendor and monitoring the application for any unusual behavior. The vulnerability can potentially be used for malicious purposes, and users should review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
Technical summary
The vulnerability occurs when the application opens a PDF file and attempts to delete pages with attachment annotations, causing the application to crash due to invalid pointer access. This can happen when JavaScript is used to delete pages and remove attachment annotations in the PDF file. The affected product is Foxit's PDF application, and the vulnerability has a high severity score.
Defensive priority
High priority should be given to patching this vulnerability, as it can cause application crashes and potentially be used for malicious purposes.
Recommended defensive actions
- Apply the patch provided by the vendor
- Verify that the patch has been successfully applied
- Monitor the application for any unusual behavior
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
Evidence notes
The CVE record was published on 2026-07-08T09:16:33.293Z and has not been modified since then. The NVD entry is currently Received. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The vulnerability is a high-severity issue that can cause the application to crash when a PDF file is opened and pages are deleted with attachment annotations.
Official resources
-
CVE-2026-57252 CVE record
CVE.org
-
CVE-2026-57252 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
14984358-7092-470d-8f34-ade47a7658a2
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T09:16:33.293Z and has not been modified since then.