The input file does not need to be strictly in a structurally valid PDF format. Instead, after reviewing the content, the original document disguised as a PDF will be sent to the parser. Malicious documents will construct malicious external entities that, through the protocol, point to local paths, thereby allowing access to any local files within the user's permission range.
Project Subscriptions
No data.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
| Link | Providers |
|---|---|
| https://www.foxit.com/support/security-bulletins.html |
|
History
Wed, 08 Jul 2026 08:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The input file does not need to be strictly in a structurally valid PDF format. Instead, after reviewing the content, the original document disguised as a PDF will be sent to the parser. Malicious documents will construct malicious external entities that, through the protocol, point to local paths, thereby allowing access to any local files within the user's permission range. | |
| Title | Foxit PDF Editor/Reader XDP XFA XXE arbitrary local file read | |
| Weaknesses | CWE-611 | |
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: Foxit
Published:
Updated: 2026-07-08T07:36:07.818Z
Reserved: 2026-06-24T03:01:24.249Z
Link: CVE-2026-57259
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses