PT-2026-29435 · Unknown · Application

Erik Egsgard · Published 2026-04-01 · Updated 2026-04-02 · CVE-2026-3775

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Foxit PDF Editor/Reader versions prior to 2026.1, PDF Editor 14.x prior to 14.0.3, PDF Editor 13.x prior to 13.2.3

Description

The Foxit PDF Editor/Reader update service loads system libraries from a search path that includes directories writable by low-privileged users. This allows a local attacker to place a malicious DLL in a writable directory, which the update service may load with SYSTEM privileges, resulting in local privilege escalation and arbitrary code execution. The vulnerability is a DLL search-order hijack, where the service loads a malicious DLL instead of a legitimate one. This can lead to full local compromise, persistence, lateral movement, and data exposure, especially on shared workstations, terminal servers, and VDI images.

Recommendations

Upgrade to PDF Editor/Reader 2026.1 or the listed fixed releases (PDF Editor 14.0.3, PDF Editor 13.2.3). If patching is delayed, restrict write permissions on directories in the updater search path and enforce least privilege for update/service accounts.
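
One way to check the interim mitigation above, as an added example that is not part of the advisory or Foxit's own tooling: a PowerShell audit that reports directories where broad low-privileged groups hold write access. The `-ServiceName` value is a placeholder because the advisory does not name the service, and the set of directories audited (the service binary's directory plus the machine-level PATH) is an assumption, since the advisory does not list the search path.

```powershell
# Added example: flag directories a service may search for DLLs that
# low-privileged users can write to. Run from an elevated prompt.
param(
    # Placeholder (assumption): the advisory does not name the update service.
    [Parameter(Mandatory)][string]$ServiceName
)

# Well-known SIDs: Everyone, Authenticated Users, INTERACTIVE, BUILTIN\Users.
$lowPrivSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-4', 'S-1-5-32-545'

# Access-mask bits that allow planting a file: WriteData/CreateFiles (0x2),
# AppendData/CreateDirectories (0x4), GENERIC_ALL, GENERIC_WRITE.
$writeBits = 0x2 -bor 0x4 -bor 0x10000000 -bor 0x40000000

# Assumption: audit the service binary's directory plus the machine-level PATH.
$dirs = @()
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if ($svc -and $svc.PathName -match '^\s*"?(.+?\.exe)') {
    $dirs += Split-Path -Parent $Matches[1]
}
$dirs += [Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';' |
    Where-Object { $_.Trim() } |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim()) }

$sidType = [System.Security.Principal.SecurityIdentifier]
foreach ($dir in ($dirs | Sort-Object -Unique)) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        # A PATH entry that does not exist needs review of its parent's ACL.
        [pscustomobject]@{ Directory = $dir; Sid = '-'; Rights = 'missing directory' }
        continue
    }
    # Request rules with SID identities so the check is locale-independent.
    $rules = (Get-Acl -LiteralPath $dir).GetAccessRules($true, $true, $sidType)
    foreach ($ace in $rules) {
        $isWrite = ([int]$ace.FileSystemRights -band $writeBits) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $isWrite -and
            $ace.IdentityReference.Value -in $lowPrivSids) {
            [pscustomobject]@{
                Directory = $dir
                Sid       = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
            }
        }
    }
}
```

Any row in the output is a directory whose ACL should be tightened before the patched release is deployed; an empty result means none of the audited directories grant write access to those groups.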

Fix

LPE

Uncontrolled Search Path Element

Weakness Enumeration

Related Identifiers

CVE-2026-3775
ZDI-26-251

Affected Products

Application