ZDI 2026-04-02

ZDI-26-251: Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

CVE-2026-3775

Machine-generated analysis · WAYSCloud LLM

The vulnerability stems from an uncontrolled search path element in the Foxit PDF Reader update service, which can be exploited by local attackers to escalate privileges.

Context

Foxit PDF Reader is affected by a local privilege escalation vulnerability in its update service. The issue is an uncontrolled search path element, which could allow an attacker to load and execute malicious code with elevated privileges. An attacker must already have the ability to execute low-privileged code on the system to exploit this condition. The ZDI has assigned a CVSS score of 7.8, indicating a medium to high severity impact.

Operator considerations

Check: Verify if Foxit PDF Reader is installed and the update service is active on the system.

From Zero Day Initiative ↗

This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-3775.

Read the full advisory on ZDI →