CVE-2026-12057
Received - Intake
JavaScript Sandbox Escape Leading to Arbitrary Code Execution

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: Foxit

Description
When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arbitrary code execution.
Meta Information

Published: 2026-06-15
Last Modified: 2026-06-15
Generated: 2026-06-15
AI Q&A: 2026-06-15
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs

Vendor  Product     Version / Range
foxit   pdf_reader  to 2024.2.3.25184 (exc)
foxit   pdf_editor  From 2024.0.0 (exc) to 2024.x (inc)
CWE
CWE ID Description
CWE-829 The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
Executive Summary

This vulnerability occurs when the application executes JavaScript embedded in a PDF within a sandbox environment but fails to properly intercept some dangerous interfaces. This failure allows remote scripts to be loaded, which can lead to arbitrary code execution on the affected system.

Impact Analysis

The vulnerability can allow attackers to execute arbitrary code remotely on your system by exploiting the failure to intercept dangerous JavaScript interfaces in PDFs. This can lead to full compromise of confidentiality, integrity, and availability of your system.

Mitigation Strategies

To mitigate this vulnerability, users are advised to update their Foxit PDF Reader and Editor applications to the latest versions.

  • Use the application’s built-in update feature to obtain the latest version.
  • Alternatively, download the latest versions directly from the Foxit website.