Foxit Products Denial-of-Service Vulnerability Due to Improper Control Flow Management

Vulnerability

A denial-of-service vulnerability has been identified in Foxit PDF Reader and Foxit PDF Editor. This issue arises from improper control flow management, which allows a crafted document action chain to cause modal dialog reentry on the main thread. As a result, the application experiences a UI freeze, leading to a denial-of-service condition. The vulnerability affects Foxit PDF Reader versions through 2026.1.0.36452 and Foxit PDF Editor versions through 2026.1.0.36452, as well as all previous 2025.x, 2024.x, 2023.x and 14.x versions, with the exception of Foxit PDF Editor 13.2.4.

Impact

Exploitation of this vulnerability causes the application to freeze, creating a denial-of-service condition by disrupting normal user interaction and application functionality.

Remediation

Users can update to Foxit PDF Reader 2026.1.1 or Foxit PDF Editor 2026.1.1/14.0.4. Instructions for updating are available on the Foxit website.
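
The affected and fixed versions listed above can be checked against a software inventory. The Python below is an added example, not code from Foxit or from this advisory; the hostnames and sample inventory are constructed. It assumes the 14.x line refers to Foxit PDF Editor (the only 14.x fix named is Editor 14.0.4) and that releases after 2026.1.1 carry the fix; anything the advisory does not mention is reported as unknown rather than guessed.

```python
# Added example: the version boundaries below are copied from the advisory text.
LAST_AFFECTED = (2026, 1, 0, 36452)  # "through 2026.1.0.36452"
FIXED_YEAR_LINE = (2026, 1, 1)       # Reader / Editor 2026.1.1
FIXED_EDITOR_14 = (14, 0, 4)         # Editor 14.0.4
EDITOR_EXCEPTION = (13, 2, 4)        # Editor 13.2.4 is excepted

def parse_version(text):
    """Turn '2026.1.0.36452' into a tuple of ints; reject anything else."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(product, version):
    """Return 'affected', 'fixed', 'not-affected' or 'unknown'."""
    product = product.lower()
    if product not in ("reader", "editor"):
        raise ValueError(f"unknown product: {product!r}")
    v = parse_version(version)
    if v[0] >= 2023:                     # year-numbered release lines
        if v <= LAST_AFFECTED:
            return "affected"
        if v[:3] >= FIXED_YEAR_LINE:     # assumption: later releases keep the fix
            return "fixed"
        return "unknown"                 # a 2026.1.0 build newer than the one named
    if product == "editor" and v[0] == 14:   # assumption: 14.x is an Editor line
        return "affected" if v < FIXED_EDITOR_14 else "fixed"
    if product == "editor" and v[:3] == EDITOR_EXCEPTION:
        return "not-affected"
    return "unknown"                     # release line the advisory does not mention

def needs_update(inventory):
    """Rows that are affected, plus rows that need a manual look."""
    rows = [(h, p, v, classify(p, v)) for h, p, v in inventory]
    return [r for r in rows if r[3] in ("affected", "unknown")]

# Constructed sample inventory: (host, product, installed version).
SAMPLE_INVENTORY = [
    ("ws-01", "reader", "2026.1.0.36452"),
    ("ws-02", "reader", "2026.1.1"),
    ("ws-03", "editor", "14.0.3"),
    ("ws-04", "editor", "14.0.4"),
    ("ws-05", "editor", "13.2.4"),
    ("ws-06", "editor", "2024.4"),
    ("ws-07", "reader", "12.1.0"),
]

if __name__ == "__main__":
    for row in needs_update(SAMPLE_INVENTORY):
        print(*row)
```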

Added: Apr 27, 2026, 12:25 PM
Updated: Apr 27, 2026, 12:25 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 4.2
remediation: 0.0
relevance: 6.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.