CVE-2026-12057
HIGHDescription
When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arbitrary code execution.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| foxit | ai |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2026-12057? +
How severe is CVE-2026-12057? +
What products are affected by CVE-2026-12057? +
How do I check if I'm vulnerable to CVE-2026-12057? +
Related Vulnerabilities
Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute …
conda-forge-metadata provides programatic access to conda-forge's metadata. conda-forge-metadata uses an optional dependency - "conda-oci-mirror" which was neither present on the …
Collabora Online is a collaborative online office suite based on LibreOffice. Macro support is disabled by default in Collabora Online, …
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the SSH server on B&R APROL <4.4-00P1 may allow an …
A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache (such as those …
A PHP objection injection vulnerability exists in the Monero Project’s Laravel-based forum software due to unsafe handling of untrusted input …