{"api_version":"1","generated_at":"2026-07-14T00:01:04+00:00","cve":"CVE-2026-57254","urls":{"html":"https://cve.report/CVE-2026-57254","api":"https://cve.report/api/cve/CVE-2026-57254.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-57254","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-57254"},"summary":{"title":"Foxit PDF Editor/Reader Annotation Type Confusion Vulnerability","description":"There is an abnormal annotation within the PDF that is referenced by other objects. When the application parses the PDF, it fails to perform proper type checking, ultimately causing the application to crash.","state":"PUBLISHED","assigner":"Foxit","published_at":"2026-07-08 09:16:33","updated_at":"2026-07-09 11:59:16"},"problem_types":["CWE-843","CWE-843 Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843)"],"metrics":[{"version":"3.1","source":"14984358-7092-470d-8f34-ade47a7658a2","type":"Secondary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://www.foxit.com/support/security-bulletins.html","name":"https://www.foxit.com/support/security-bulletins.html","refsource":"14984358-7092-470d-8f34-ade47a7658a2","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-57254","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-57254","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Foxit Software Inc.","product":"Foxit PDF Editor","version":"affected Versions 2026.1.1 and earlier","platforms":["Windows"]},{"source":"CNA","vendor":"Foxit Software Inc.","product":"Foxit PDF Editor","version":"affected Versions 14.0.4 and earlier","platforms":["Windows"]},{"source":"CNA","vendor":"Foxit Software Inc.","product":"Foxit PDF Editor","version":"affected Versions 13.2.4 and earlier","platforms":["Windows"]},{"source":"CNA","vendor":"Foxit Software Inc.","product":"Foxit PDF Reader","version":"affected Versions 2026.1.1 and earlier","platforms":["Windows"]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"XuPeng","lang":"en"}],"nvd_cpes":[{"cve_year":"2026","cve_id":"57254","vulnerable":"1","versionEndIncluding":"13.2.4.24048","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"foxit","cpe5":"pdf_editor","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"57254","vulnerable":"1","versionEndIncluding":"14.0.4.33508","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"foxit","cpe5":"pdf_editor","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"57254","vulnerable":"1","versionEndIncluding":"2023.3.0.23028","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"foxit","cpe5":"pdf_editor","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"57254","vulnerable":"1","versionEndIncluding":"2024.4.1.27687","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"foxit","cpe5":"pdf_editor","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"57254","vulnerable":"1","versionEndIncluding":"2025.3.0.35737","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"foxit","cpe5":"pdf_editor","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"57254","vulnerable":"1","versionEndIncluding":"2026.1.1.36485","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"foxit","cpe5":"pdf_editor","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"57254","vulnerable":"1","versionEndIncluding":"2026.1.1.36485","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"foxit","cpe5":"pdf_reader","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"57254","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"57254","cve":"CVE-2026-57254","epss":"0.001160000","percentile":"0.018690000","score_date":"2026-07-12","updated_at":"2026-07-13 00:07:37"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-57254","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-07-08T12:45:55.295384Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-07-08T12:46:02.325Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Windows"],"product":"Foxit PDF Editor","vendor":"Foxit Software Inc.","versions":[{"status":"affected","version":"Versions 2026.1.1 and earlier"},{"status":"affected","version":"Versions 14.0.4 and earlier"},{"status":"affected","version":"Versions 13.2.4 and earlier"}]},{"defaultStatus":"unaffected","platforms":["Windows"],"product":"Foxit PDF Reader","vendor":"Foxit Software Inc.","versions":[{"status":"affected","version":"Versions 2026.1.1 and earlier"}]}],"credits":[{"lang":"en","type":"finder","value":"XuPeng"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"There is an abnormal annotation within the PDF that is referenced by other objects. When the application parses the PDF, it fails to perform proper type checking, ultimately causing the application to crash."}],"value":"There is an abnormal annotation within the PDF that is referenced by other objects. When the application parses the PDF, it fails to perform proper type checking, ultimately causing the application to crash."}],"impacts":[{"descriptions":[{"lang":"en","value":"Potential arbitrary code execution"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-843","description":"Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843)","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-08T07:36:10.974Z","orgId":"14984358-7092-470d-8f34-ade47a7658a2","shortName":"Foxit"},"references":[{"url":"https://www.foxit.com/support/security-bulletins.html"}],"title":"Foxit PDF Editor/Reader Annotation Type Confusion Vulnerability","x_generator":{"engine":"Vulnogram 1.0.2"}}},"cveMetadata":{"assignerOrgId":"14984358-7092-470d-8f34-ade47a7658a2","assignerShortName":"Foxit","cveId":"CVE-2026-57254","datePublished":"2026-07-08T07:36:10.974Z","dateReserved":"2026-06-24T03:01:18.718Z","dateUpdated":"2026-07-08T12:46:02.325Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-08 09:16:33","lastModifiedDate":"2026-07-09 11:59:16","problem_types":["CWE-843","CWE-843 Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843)"],"metrics":{"cvssMetricV31":[{"source":"14984358-7092-470d-8f34-ade47a7658a2","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T12:45:55.295384Z","id":"CVE-2026-57254","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*","versionEndIncluding":"13.2.4.24048","matchCriteriaId":"4AED7415-0393-4DF2-BEE8-486712D56288"},{"vulnerable":true,"criteria":"cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*","versionStartIncluding":"14.0.0.33046","versionEndIncluding":"14.0.4.33508","matchCriteriaId":"A10F7B1A-AAB3-4D81-A08C-866C49C76506"},{"vulnerable":true,"criteria":"cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*","versionStartIncluding":"2023.1.0.15510","versionEndIncluding":"2023.3.0.23028","matchCriteriaId":"0C75FEE6-54F3-49C6-BAEA-A09D23BE5D64"},{"vulnerable":true,"criteria":"cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*","versionStartIncluding":"2024.1.0.23997","versionEndIncluding":"2024.4.1.27687","matchCriteriaId":"2C06BC41-9831-4AE3-B10B-3FC313D01580"},{"vulnerable":true,"criteria":"cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.1.0.27937","versionEndIncluding":"2025.3.0.35737","matchCriteriaId":"AD0AAFC0-5B9B-4A11-8967-4699792850F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.1.0.36452","versionEndIncluding":"2026.1.1.36485","matchCriteriaId":"BB50B54F-D08D-492E-8CDF-D76032F4F9C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*","versionEndIncluding":"2026.1.1.36485","matchCriteriaId":"BF5DF56E-0DAD-4D0F-B64C-F41611D64981"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"57254","Ordinal":"1","Title":"Foxit PDF Editor/Reader Annotation Type Confusion Vulnerability","CVE":"CVE-2026-57254","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"57254","Ordinal":"1","NoteData":"There is an abnormal annotation within the PDF that is referenced by other objects. When the application parses the PDF, it fails to perform proper type checking, ultimately causing the application to crash.","Type":"Description","Title":"Foxit PDF Editor/Reader Annotation Type Confusion Vulnerability"}]}}}