Foxit Products Server-Side Request Forgery Vulnerability
Vulnerability
A server-side request forgery (SSRF) vulnerability has been identified in multiple Foxit products, including Foxit PDF Services API, Foxit PDF Reader, and Foxit PDF Editor. This vulnerability allows attackers to control HTTP requests initiated by the server, directing them to arbitrary destinations. Exploitation of this vulnerability could lead to probing internal network services, accessing otherwise unreachable endpoints such as cloud metadata services, or bypassing network access controls, potentially resulting in the disclosure of sensitive information and further compromise of the internal environment.
Impact
Exploitation of this vulnerability could disclose information about the internal server and compromise the internal server environment.
Remediation
This vulnerability has been addressed in Foxit PDF Services API, Foxit PDF Reader 2026.1, and Foxit PDF Editor 2026.1. Users can update to the latest version through the Foxit Update mechanism or by downloading the updated version from the Foxit website. For Foxit PDF Editor for Mac, the latest version can also be downloaded from the Foxit website.
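For services that fetch URLs on behalf of users, a destination check can reject the targets named above (internal network services and cloud metadata endpoints) before any request is sent. The following is an added example, not Foxit's fix or code from the advisory; the function names and the injectable resolver parameter are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Link-local range that hosts cloud instance metadata endpoints (169.254.169.254).
METADATA_NET = ipaddress.ip_network("169.254.0.0/16")

def system_resolver(host, port):
    """Resolve host to the set of IP strings the server would connect to."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}

def classify_ip(ip_text):
    """Return a reason string if the address is not a public destination, else None."""
    ip = ipaddress.ip_address(ip_text.split("%")[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 is really 10.0.0.1
    if ip.version == 4 and ip in METADATA_NET:
        return "cloud metadata / link-local"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private or ip.is_link_local:
        return "internal network"
    if ip.is_reserved or ip.is_multicast or ip.is_unspecified:
        return "non-routable"
    return None

def check_destination(url, resolver=system_resolver):
    """Return (allowed, reason) for a URL the server is about to fetch."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "no host"
    try:
        port = parts.port or (443 if parts.scheme == "https" else 80)
        addresses = resolver(host, port)
    except (ValueError, OSError):
        return False, "unresolvable host"
    if not addresses:
        return False, "unresolvable host"
    # Every resolved address must be public: one internal record is enough to reject.
    for addr in sorted(addresses):
        reason = classify_ip(addr)
        if reason:
            return False, f"{host} -> {addr}: {reason}"
    return True, "ok"
```

The check is only effective if the fetcher connects to the address that was validated and repeats the check on every redirect hop.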
