CVE-2026-12057 | THREATINT

Description

When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arbitrary code execution.

PUBLISHED Reserved 2026-06-12 | Published 2026-06-15 | Updated 2026-06-15 | Assigner Foxit

HIGH: 8.6CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Problem types

CWE-829 Inclusion of functionality from untrusted control sphere

Product status

Default status

unaffected

before 2026-06-15

affected

Credits

mrfathoni finder

References

www.foxit.com/support/security-bulletins.html

cve.org (CVE-2026-12057)

nvd.nist.gov (CVE-2026-12057)

Download JSON