CVE-2026-3774: Sensitive Information Exposure in PDF Editor

Severity
NVD: 7.5 HIGH
CNA: 4.7
EPSS: 0.0% (top 96.01%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Apr 1

Description

The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content groups (OCGs) immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing redaction, encryption, and printing logic, which, under specific document structures and user workflows, may cause a small amount of sensitive content to remain unremoved or unencrypted as expected, or resu

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

NVD: foxit/pdf_editor 14.0.0.33046 14.0.2.33402 +4
NVD: foxit/pdf_reader 2025.3.0.35737
CVEListV5: foxit_software_inc/foxit_pdf_editor Versions 2025.3 and earlier

🔴 Vulnerability Details (2)

CVEList: Self-Modifications Affecting Altered Printing and Redaction in Foxit PDF Editor (2026-04-01)
GHSA: GHSA-whcx-f2rj-66hj: The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content (2026-04-01)

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-3774 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-3774 — Sensitive Information Exposure | cvebase