Description

The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user‑writable locations, a local attacker can place a malicious library there and have it loaded with SYSTEM privileges, resulting in local privilege escalation and arbitrary code execution.

PUBLISHED Reserved 2026-03-08 | Published 2026-04-01 | Updated 2026-04-02 | Assigner Foxit




HIGH: 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-427: DLL Hijacking

Product status

Default status
unaffected

Versions 2025.3 and earlier
affected

Credits

Erik Egsgard of Field Effect working with TrendAI Zero Day Initiative (finder)

References

www.foxit.com/support/security-bulletins.html

cve.org (CVE-2026-3775)

nvd.nist.gov (CVE-2026-3775)
