CVE-2026-12057 · Severity: HIGH · CNA: Foxit

CVE-2026-12057: DoS + Remote Code Execution via PDF JavaScript in Foxit AI

When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arbitrary code execution.

Metrics

CVSS v3.1: 8.6
Severity: HIGH
Fixed in: no fix version published yet
Affected Products: 1


HarborGuard Analysis

Synopsis

This is a sandbox escape and remote code execution vulnerability in Foxit AI's PDF JavaScript engine. An attacker embeds malicious JavaScript in a crafted PDF file; when a local user opens the file, the sandbox fails to block access to dangerous interfaces, allowing remote script loading and arbitrary code execution with effects that extend beyond the sandbox boundary. Exploitation achieves full confidentiality, integrity, and availability impact on the host. HarborGuard is tracking this advisory and will make a patched-image rebuild available the moment Foxit publishes a fix version.

HarborGuard Coverage

Detection: Available

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images that bundle Foxit AI or embed it as a dependency. Any image carrying an affected version of Foxit AI is flagged automatically.

Triage: Available

HarborGuard is capable of scoring this finding at CVSS 8.6 HIGH and weighting it against each customer environment's compliance policy to determine urgency. Routed findings reach the appropriate team inbox inside each customer organization based on configured ownership rules.

Patch: Pending upstream

Because no fix version has been published by Foxit, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released. For customers with auto-remediation enabled, the rebuild, regression test run, and PR against affected workloads will be triggered without manual intervention as soon as a fix version is confirmed.

Exploit Conditions

  • Network reachability: Not required

    The attack vector is local (AV:L): the exploit does not reach the service over the network; instead, the malicious PDF is delivered to, and opened by, a local user.

  • Authentication: Not required

    No authentication or account privileges are required (PR:N); any user who opens the crafted PDF triggers the vulnerable code path.

  • Victim interaction: Required

    The victim must open the attacker-supplied PDF file, making this a social-engineering vector that requires the target to take an explicit action (UI:R).

  • Attack complexity: Low

    Attack complexity is low (AC:L), meaning the exploit is reliable and condition-free once the victim opens the file, with no race conditions or special environmental factors required.

Blast Radius

  • The attacker executes arbitrary code in the context of the application process, gaining the ability to run any command the process is permitted to run.
  • The sandbox boundary is broken (S:C), so impact extends beyond Foxit AI itself to other processes and data accessible to the user account on the host.
  • All files, credentials, and session material readable by the running process are exposed to the attacker (C:H).
  • The attacker can write or delete files and modify application state on the host (I:H), and can crash or render unavailable the affected service and dependent processes (A:H).

How HarborGuard Handles This

Status: Available on HarborGuard.

Because Foxit has not yet published a fix version for CVE-2026-12057, the recommended action is to treat any image shipping Foxit AI as a high-priority risk item until a patch is released. HarborGuard will re-evaluate the advisory on every ingest cycle and make a patched-image rebuild available automatically once Foxit publishes a fix. In the meantime, compensating controls worth applying include network-policy rules that restrict outbound connections from containers running Foxit AI (to limit the remote script loading that this vulnerability enables), disabling PDF JavaScript execution where the application provides a feature flag to do so, and isolating affected workloads behind stricter egress filtering. For customers with auto-remediation enabled, the moment a fix version is confirmed upstream, HarborGuard will trigger a rebuild, run regression tests, and open a PR against affected workloads without requiring manual action.
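The egress restriction recommended above only helps if the NetworkPolicy actually confines outbound traffic; a rule with an empty `to` list, a missing Egress policy type, or an `ipBlock` of 0.0.0.0/0 reads as a restriction but allows everything. The following is an added example, not HarborGuard's or Foxit's code: two constructed Kubernetes NetworkPolicy manifests (one loose, one that permits only cluster DNS) and a lint that reports why a policy fails to confine egress. The pod label `app: foxit-ai` and the kube-dns selector are assumptions; the defaulting of `policyTypes` follows the Kubernetes API (Ingress always, Egress only when egress rules are present).

```python
"""Lint a Kubernetes NetworkPolicy for genuine egress confinement.

Added example, not HarborGuard's or Foxit's code. Manifests are constructed
for illustration; the workload label `app: foxit-ai` is an assumption.
"""

WORKLOAD_LABELS = {"app": "foxit-ai"}  # assumed label on the Foxit AI pods

# Constructed: looks restrictive but is not. An egress rule with no `to`
# peers matches every destination, so outbound script loading still works.
PERMISSIVE_POLICY = {
    "apiVersion": "networking.k8s.io/v1",
    "kind": "NetworkPolicy",
    "metadata": {"name": "foxit-egress-loose"},
    "spec": {
        "podSelector": {"matchLabels": {"app": "foxit-ai"}},
        "egress": [{"to": []}],
    },
}

# Constructed: the intended control. Only DNS to kube-dns on port 53 is
# allowed; every other destination, including the internet, is dropped.
RESTRICTED_POLICY = {
    "apiVersion": "networking.k8s.io/v1",
    "kind": "NetworkPolicy",
    "metadata": {"name": "foxit-egress-dns-only"},
    "spec": {
        "podSelector": {"matchLabels": {"app": "foxit-ai"}},
        "policyTypes": ["Egress"],
        "egress": [{
            "to": [{
                "namespaceSelector": {"matchLabels": {"kubernetes.io/metadata.name": "kube-system"}},
                "podSelector": {"matchLabels": {"k8s-app": "kube-dns"}},
            }],
            "ports": [{"protocol": "UDP", "port": 53}, {"protocol": "TCP", "port": 53}],
        }],
    },
}


def selects_workload(spec, labels):
    """True if the policy's podSelector matches a pod carrying `labels`.
    An empty podSelector selects every pod in the namespace."""
    match = spec.get("podSelector", {}).get("matchLabels", {})
    return all(labels.get(k) == v for k, v in match.items())


def effective_policy_types(spec):
    """Kubernetes default: Ingress always; Egress only if egress rules exist."""
    if "policyTypes" in spec:
        return set(spec["policyTypes"])
    types = {"Ingress"}
    if spec.get("egress"):
        types.add("Egress")
    return types


def peer_is_unbounded(peer):
    """A peer allows 'anywhere' if it is an ipBlock for 0.0.0.0/0 or ::/0 with
    no except list, or an empty namespaceSelector without a podSelector."""
    ip = peer.get("ipBlock")
    if ip is not None:
        return ip.get("cidr") in ("0.0.0.0/0", "::/0") and not ip.get("except")
    ns = peer.get("namespaceSelector")
    return ns is not None and not ns and "podSelector" not in peer


def egress_problems(policy, labels=WORKLOAD_LABELS):
    """Return reasons the policy fails to confine egress; empty means it does."""
    spec = policy.get("spec", {})
    problems = []
    if not selects_workload(spec, labels):
        problems.append("podSelector does not select the workload")
    if "Egress" not in effective_policy_types(spec):
        problems.append("Egress is not among the policy types, so egress is unrestricted")
    for i, rule in enumerate(spec.get("egress", [])):
        peers = rule.get("to", [])
        if not peers:
            problems.append(f"egress rule {i} has no 'to' peers and allows all destinations")
        for peer in peers:
            if peer_is_unbounded(peer):
                problems.append(f"egress rule {i} allows an unbounded peer {peer}")
    return problems


if __name__ == "__main__":
    for pol in (PERMISSIVE_POLICY, RESTRICTED_POLICY):
        print(pol["metadata"]["name"], egress_problems(pol) or "OK")
```

Note that a policy with `policyTypes: ["Egress"]` and no egress rules at all is the strictest form (deny all egress) and passes the lint; the DNS-only variant above is the usual compromise when the workload still needs name resolution inside the cluster.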

Affected packages
  • Foxit Software Inc. / Foxit AI (before 2026-06-15)
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
References