CVE-2026-12057
Analyzed - Analysis Complete

JavaScript Sandbox Escape Leading to Arbitrary Code Execution

Publication date: 2026-06-15

Last updated on: 2026-06-16

Assigner: Foxit

Description

When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arbitrary code execution.

Meta Information

Published: 2026-06-15
Last Modified: 2026-06-16
Generated: 2026-07-05
AI Q&A: 2026-06-15
EPSS Evaluated: 2026-07-04

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
foxit ai to 2026-06-15 (exc)

Exploitability

CWE

CWE-829: The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

Executive Summary

This vulnerability occurs when the application executes JavaScript embedded in a PDF within a sandbox environment but fails to properly intercept some dangerous interfaces. This failure allows remote scripts to be loaded, which can lead to arbitrary code execution on the affected system.

Impact Analysis

The vulnerability can allow attackers to execute arbitrary code remotely on your system by exploiting the failure to intercept dangerous JavaScript interfaces in PDFs. This can lead to full compromise of confidentiality, integrity, and availability of your system.

Mitigation Strategies

To mitigate this vulnerability, users are advised to update their Foxit PDF Reader and Editor applications to the latest versions.

  • Use the application’s built-in update feature to obtain the latest version.
  • Alternatively, download the latest versions directly from the Foxit website.

Compliance Impact

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.
