CVE-2026-3774: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in Foxit Software Inc. Foxit PDF Editor
CVE-2026-3774 is a medium-severity vulnerability in Foxit PDF Editor versions 2025.3 and earlier that allows sensitive information exposure due to incomplete redaction, encryption, or printing protections when PDF JavaScript or document/print actions update form fields, annotations, or optional content groups. This flaw can cause small amounts of sensitive content to remain visible or printed despite the user's expectation that it was removed or encrypted. Exploitation requires local access with high attack complexity and user interaction, but no privileges. No known exploits are currently reported in the wild. Organizations relying on Foxit PDF Editor for sensitive document handling should be aware of the potential data leakage risk and apply mitigations accordingly.
AI Analysis
Technical Summary
CVE-2026-3774 is a vulnerability identified in Foxit PDF Editor that arises from the way the application handles PDF JavaScript and document/print actions such as WillPrint and DidPrint. These actions can update form fields, annotations, or optional content groups (OCGs) immediately before or after redaction, encryption, or printing. The existing redaction, encryption, and printing logic does not fully account for these script-driven updates, which, under certain document structures and user workflows, can leave residual sensitive content that is not removed or encrypted as intended. The result is a potential exposure of sensitive information, either on screen or in printed output, that differs from what the user reviewed. The vulnerability is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The CVSS v3.1 base score is 4.7 (medium): attack vector local, attack complexity high, no privileges required, user interaction required, scope unchanged, with an impact on confidentiality only and none on integrity or availability. No public exploits have been reported, and no patches are currently linked, so mitigation may require vendor updates or workarounds.
Potential Impact
The primary impact of CVE-2026-3774 is the unintended exposure of sensitive information that users expect to be redacted, encrypted, or securely printed. For organizations handling confidential or regulated data (e.g., legal, healthcare, finance), this vulnerability could lead to data leakage that violates privacy policies and regulatory requirements such as GDPR or HIPAA. The exposure may be subtle, involving small amounts of data, but could still reveal critical information in targeted scenarios. Because exploitation requires local access and user interaction, the risk is somewhat reduced but remains significant in environments where users handle sensitive PDFs frequently. Printed documents may also contain unexpected sensitive content, increasing the risk of physical data leakage. The vulnerability does not affect data integrity or system availability, but a confidentiality breach can undermine trust and lead to reputational damage or legal consequences.
Mitigation Recommendations
Organizations should immediately review their use of Foxit PDF Editor, especially versions 2025.3 and earlier, and restrict its use to trusted users with minimal exposure to untrusted PDF documents. Until a vendor patch is available, users should not rely solely on the application's redaction and encryption features when handling highly sensitive information. Add manual verification steps that confirm redacted or encrypted content is fully removed before sharing or printing documents, for example by inspecting the output file in a separate viewer or with a text-extraction tool rather than only the editor's on-screen view. Disable or restrict PDF JavaScript and document/print actions within Foxit PDF Editor through application settings or group policies to prevent script-driven updates that bypass protections. Employ endpoint security controls to limit local access and monitor for suspicious PDF manipulation activity. Track vendor advisories for patches or updates addressing this vulnerability and apply them promptly once released.
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Japan, South Korea, India, Brazil
Technical Details
- Data Version: 5.2
- Assigner Short Name: Foxit
- Date Reserved: 2026-03-08T03:42:24.474Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69cc7a8ee6bfc5ba1d854111
Added to database: 4/1/2026, 1:53:18 AM
Last enriched: 4/1/2026, 2:10:29 AM
Last updated: 4/1/2026, 4:59:51 AM