CVE-2026-57248
HIGHDescription
When the application opens a PDF file and JavaScript writes annotation attributes, there is a lack of sufficient object type and argument checks. As a result, due to the damage to the internal structure of the annotations, it causes the application to crash during subsequent release.
Is your site exposed to CVE-2026-57248?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| foxit | pdf_editor |
| foxit | pdf_editor |
| foxit | pdf_editor |
| foxit | pdf_editor |
| foxit | pdf_editor |
| foxit | pdf_editor |
| foxit | pdf_reader |
| microsoft | windows |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2026-57248? +
How severe is CVE-2026-57248? +
What products are affected by CVE-2026-57248? +
How do I check if I'm vulnerable to CVE-2026-57248? +
Related Vulnerabilities
A security issue exists due to improper handling of malformed CIP packets during fuzzing. The controller enters a hard fault …
In the Linux kernel, the following vulnerability has been resolved: tipc: fix double-free in tipc_buf_append() tipc_msg_validate() can potentially reallocate the …
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component theta_star::ThetaStar::isUnsafeToPlan().
It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a …
An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior …
Memory corruption while reading ACPI config through the user mode app.