The input file does not need to be strictly in a structurally valid PDF format. Instead, after reviewing the content, the original document disguised as a PDF will be sent to the parser. Malicious documents will construct malicious external entities that, through the protocol, point to local paths, thereby allowing access to any local files within the user's permission range.
Metrics
Affected Vendors & Products
References
| Link | Providers |
|---|---|
| https://www.foxit.com/support/security-bulletins.html |
|
History
Wed, 08 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 08 Jul 2026 08:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The input file does not need to be strictly in a structurally valid PDF format. Instead, after reviewing the content, the original document disguised as a PDF will be sent to the parser. Malicious documents will construct malicious external entities that, through the protocol, point to local paths, thereby allowing access to any local files within the user's permission range. | |
| Title | Foxit PDF Editor/Reader XDP XFA XXE arbitrary local file read | |
| Weaknesses | CWE-611 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: Foxit
Published:
Updated: 2026-07-08T13:15:43.861Z
Reserved: 2026-06-24T03:01:24.249Z
Link: CVE-2026-57259
Updated: 2026-07-08T13:15:40.483Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T15:15:04Z