CVE-2026-3775
DLL Search Path Hijacking in Update Service Enables Privilege Escalation
Publication date: 2026-04-01
Last updated on: 2026-04-14
Assigner: Foxit
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| foxit | pdf_editor | From 2023.1.0.15510 (inc) to 2023.3.0.23028 (inc) |
| foxit | pdf_editor | From 2024.1.0.23997 (inc) to 2024.4.1.27687 (inc) |
| foxit | pdf_editor | to 13.2.2.24014 (inc) |
| foxit | pdf_editor | From 14.0.0.33046 (inc) to 14.0.2.33402 (inc) |
| foxit | pdf_editor | From 2025.1.0.27937 (inc) to 2025.3.0.35737 (inc) |
| foxit | pdf_reader | to 2025.3.0.35737 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can allow a local attacker to escalate their privileges to SYSTEM level on the affected machine.
With SYSTEM privileges, the attacker can execute arbitrary code, potentially taking full control of the system, accessing sensitive data, modifying system configurations, or disrupting services.
Can you explain this vulnerability to me?
This vulnerability occurs because the application's update service loads system libraries from directories that are writable by low-privileged users instead of strictly trusted system locations.
A local attacker can exploit this by placing a malicious library in one of these writable directories, which the update service then loads with SYSTEM privileges.
This results in local privilege escalation and allows the attacker to execute arbitrary code with high-level system permissions.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows a local attacker to escalate privileges to SYSTEM level and execute arbitrary code. Such unauthorized access and control over system resources can lead to breaches of confidentiality, integrity, and availability of sensitive data.
Consequently, organizations affected by this vulnerability may face challenges in maintaining compliance with standards and regulations like GDPR and HIPAA, which require strict controls to protect sensitive personal and health information from unauthorized access and modification.
Failure to address this vulnerability could result in violations of these regulations, potentially leading to legal penalties, reputational damage, and loss of trust.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, users should update their Foxit PDF Reader and Editor applications to the latest versions.
Updates can be obtained through the application's built-in update feature or by downloading the latest versions directly from the Foxit website.