CVE-2026-3780

EUVD-2026-17761
The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the legitimate system files, resulting in local privilege escalation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
foxitpdf_editor
𝑥
≤ 13.2.2.24014
foxitpdf_editor
14.0.0.33046 ≤
𝑥
≤ 14.0.2.33402
foxitpdf_editor
2023.1.0.15510 ≤
𝑥
≤ 2023.3.0.23028
foxitpdf_editor
2024.1.0.23997 ≤
𝑥
≤ 2024.4.1.27687
foxitpdf_editor
2025.1.0.27937 ≤
𝑥
≤ 2025.3.0.35737
foxitpdf_reader
𝑥
≤ 2025.3.0.35737
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.foxit.com/support/security-bulletins.html