8.6
CVE-2026-12057
- EPSS 0.13%
- Veröffentlicht 15.06.2026 10:21:22
- Zuletzt bearbeitet 16.06.2026 16:43:11
- Quelle 14984358-7092-470d-8f34-ade47a
- CVE-Watchlists
- Unerledigt
DoS + Remote Code Execution via PDF JavaScript in Foxit AI
When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arbitrary code execution.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.028 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| 14984358-7092-470d-8f34-ade47a7658a2 | 8.6 | 1.8 | 6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
|
CWE-829 Inclusion of Functionality from Untrusted Control Sphere
The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
https://www.foxit.com/support/security-bulletins.html