{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-57254","assignerOrgId":"14984358-7092-470d-8f34-ade47a7658a2","state":"PUBLISHED","assignerShortName":"Foxit","dateReserved":"2026-06-24T03:01:18.718Z","datePublished":"2026-07-08T07:36:10.974Z","dateUpdated":"2026-07-08T12:46:02.325Z"},"containers":{"cna":{"providerMetadata":{"orgId":"14984358-7092-470d-8f34-ade47a7658a2","shortName":"Foxit","dateUpdated":"2026-07-08T07:36:10.974Z"},"title":"Foxit PDF Editor/Reader Annotation Type Confusion Vulnerability","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-843","description":"Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843)","type":"CWE"}]}],"impacts":[{"descriptions":[{"lang":"en","value":"Potential arbitrary code execution"}]}],"affected":[{"vendor":"Foxit Software Inc.","product":"Foxit PDF Editor","platforms":["Windows"],"versions":[{"status":"affected","version":"Versions 2026.1.1 and earlier"},{"status":"affected","version":"Versions 14.0.4 and earlier"},{"status":"affected","version":"Versions 13.2.4 and earlier"}],"defaultStatus":"unaffected"},{"vendor":"Foxit Software Inc.","product":"Foxit PDF Reader","platforms":["Windows"],"versions":[{"status":"affected","version":"Versions 2026.1.1 and earlier"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"There is an abnormal annotation within the PDF that is referenced by other objects. When the application parses the PDF, it fails to perform proper type checking, ultimately causing the application to crash.","supportingMedia":[{"type":"text/html","base64":false,"value":"There is an abnormal annotation within the PDF that is referenced by other objects. When the application parses the PDF, it fails to perform proper type checking, ultimately causing the application to crash."}]}],"references":[{"url":"https://www.foxit.com/support/security-bulletins.html"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseSeverity":"HIGH","baseScore":7.8,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}],"credits":[{"lang":"en","value":"XuPeng","type":"finder"}],"x_generator":{"engine":"Vulnogram 1.0.2"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-07-08T12:45:55.295384Z","id":"CVE-2026-57254","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-07-08T12:46:02.325Z"}}]}}