High June 16, 2026

CVE-2026-12057: Security Advisory

CVE-2026-12057 CVSS 8.6

Who it affects: When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arbitrary code execution.
What to do: Apply the vendor's update in your next patch window.

Deploy the fix with Action1 Automox ManageEngine Patch Manager Plus ManageEngine Endpoint Central Are you exposed? Compare patch tools →

CVE-2026-12057 is a high-severity vulnerability (CVSS 8.6).

Summary

When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arbitrary code execution.

Remediation

Apply the vendor’s update during your next patch window and verify exposure. Patch-management tools that can deploy and verify the fix include Action1, Automox, ManageEngine Patch Manager Plus, ManageEngine Endpoint Central. See our best patch management ranking.

Sources

https://www.foxit.com/support/security-bulletins.html

Data as of June 16, 2026. Sources: nvd.nist.gov, foxit.com. Figures are pulled from public vendor and security data and refreshed automatically.