Foxit PDF Editor <=2026.1.1 Crash via JS Form Reset Deref
CVE-2026-57244 Published on July 8, 2026

Foxit PDF Editor/Reader Form Control Use-After-Free Vulnerability
After JavaScript resetting the form, the synchronization process lacks re-entry protection and object lifecycle verification, resulting in the failure of the control pointer during the traversal process. After the pointer fails, it still continues to dereference, causing the application to crash.

NVD

Vulnerability Analysis

CVE-2026-57244 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2026-57244 has been classified to as a Dangling pointer vulnerability or weakness.


Products Associated with CVE-2026-57244

Want to know whenever a new CVE is published for Foxit Software Pdf Editor? stack.watch will email you.

 

Affected Versions

Foxit Software Inc. Foxit PDF Editor: Foxit Software Inc. Foxit PDF Editor: Foxit Software Inc. Foxit PDF Reader: