{"document":{"category":"csaf_vex","csaf_version":"2.0","title":"CVE-2026-12057: DoS + Remote Code Execution via PDF JavaScript in Foxit AI","publisher":{"category":"vendor","name":"HarborGuard Database","namespace":"https://database.harborguard.co"},"tracking":{"id":"CVE-2026-12057","status":"final","version":"1","initial_release_date":"2026-06-15T10:21:22.196Z","current_release_date":"2026-06-15T12:34:17.323Z","revision_history":[{"date":"2026-06-15T10:21:22.196Z","number":"1","summary":"Initial machine-readable export from HarborGuard."}]},"distribution":{"tlp":{"label":"WHITE"},"text":"Public CVE data; freely redistributable."},"notes":[{"category":"description","text":"When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arbitrary code execution.","title":"CVE description"}],"references":[{"category":"self","summary":"CVE-2026-12057 on HarborGuard Database","url":"https://database.harborguard.co/cve/CVE-2026-12057"},{"category":"external","summary":"CVE Record","url":"https://www.cve.org/CVERecord?id=CVE-2026-12057"},{"category":"external","summary":"foxit.com","url":"https://www.foxit.com/support/security-bulletins.html"}]},"product_tree":{"branches":[{"category":"vendor","name":"Foxit Software Inc.","branches":[{"category":"product_name","name":"Foxit AI","branches":[{"category":"product_version","name":"before 2026-06-15","product":{"name":"Foxit Software Inc. Foxit AI before 2026-06-15","product_id":"CSAFPID-1","product_identification_helper":{"cpe":"cpe:2.3:a:foxit_software_inc.:foxit_ai:before_2026-06-15:*:*:*:*:*:*:*"}}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-12057","title":"DoS + Remote Code Execution via PDF JavaScript in Foxit AI","notes":[{"category":"description","text":"When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arbitrary code execution.","title":"CVE description"}],"product_status":{"known_affected":["CSAFPID-1"]},"scores":[{"cvss_v3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.6,"baseSeverity":"HIGH"},"products":["CSAFPID-1"]}],"remediations":[{"category":"none_available","details":"No fixed version is published yet. Monitor the upstream advisory.","product_ids":["CSAFPID-1"]}]}]}