CVE-2026-57243 pdf editor vulnerability
During the process of page opening and form formatting, a JavaScript reentrancy results in an inconsistent document status. Subsequently, with outdated page information, the application attempts to access invalid addresses, causing the application to crash.
Quick answer
foxit pdf editor should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.
Who is affected
Affected versions
- -
Fixed versions
- Apply the latest vendor-supported patched version.
How to fix it
CVE-2026-57243 affects Foxit PDF Editor and involves out-of-bounds read while parsing crafted PDF structures. The practical risk is information disclosure or application crashes when a user opens a malicious PDF. Prioritize users who regularly open external PDFs, attachments, browser-downloaded files, or customer-submitted documents. Foxit fixed this issue in the July 8, 2026 security updates: Foxit PDF Editor 2026.1.2 for the 2026 branch, Foxit PDF Editor 14.0.5 for the 14.x branch, and Foxit PDF Editor 13.2.5 for the 13.2 branch, with corresponding Mac builds where applicable. If an affected system may have opened suspicious PDFs before patching, treat the event as a possible endpoint compromise and preserve evidence before cleanup.
- Inventory all Foxit PDF Editor and Foxit PDF Reader installations across managed endpoints, VDI images, jump hosts, and application packaging repositories.
- Identify affected Windows and macOS builds, including Foxit PDF Editor 2026.1.1 and earlier in the 2026 branch, 14.0.4 and earlier in the 14.x branch, and 13.2.4 and earlier in the 13.2 branch.
- Update Foxit PDF Editor to the vendor-supported patched release for the installed branch: 2026.1.2, 14.0.5, or 13.2.5, or deploy the latest supported patched release from Foxit.
- Use centralized software deployment or Foxit enterprise update tooling where possible, and remove unsupported or duplicate Foxit versions from endpoints.
- Block or sandbox untrusted PDFs from email, web downloads, collaboration portals, and upload queues until the patched build is deployed.
- Review crash reports, EDR alerts, and document-open telemetry for repeated Foxit crashes after externally sourced PDFs were opened.
- If exploitation or suspicious document handling is suspected, isolate the endpoint, collect the PDF sample and telemetry, rotate exposed credentials, and rebuild the host from a trusted image when integrity cannot be established.
Scan now. Google sign-in is only needed to unlock fix guidance.
Verify the fix
- Confirm each endpoint reports a patched Foxit PDF Editor version that matches the deployed branch or a later vendor-supported release.
- Validate that software inventory, EDR, and vulnerability-management tools no longer flag the affected CVE on patched systems.
- Confirm untrusted PDFs are routed through sandboxing, attachment filtering, or another controlled review path until patch coverage is complete.
- Review Foxit, Windows/macOS, EDR, and crash telemetry for suspicious PDF-open events or updater activity before closing the incident.
- Document the patched version, deployment evidence, residual exceptions, and any compensating controls, then rerun Fixnx or the relevant vulnerability scan where applicable.
Related categories
Trusted references
FAQ
What is affected by CVE-2026-57243?
foxit pdf editor versions listed as affected should be reviewed: -.
What should I fix first?
Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.
How do I confirm the fix worked?
Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.
How are Fixnx security risk categories chosen?
Fixnx keeps one canonical risk page and assigns only broad, relevant categories such as ecosystem, technology area, or vulnerability class.
