CVE-2026-3778: CWE-674: Uncontrolled Recursion in Foxit Software Inc. Foxit PDF Editor
CVE-2026-3778 is a medium severity vulnerability in Foxit PDF Editor affecting versions 2025. 3 and earlier, 14. 0. 2 and earlier, and 13. 2. 2 and earlier. The application fails to detect cyclic references in PDF JavaScript objects, which can lead to uncontrolled recursion when processing documents with cyclic page and annotation references. This recursion can cause stack exhaustion and crash the application. There is no indication of confidentiality or integrity impact, and no known exploits are reported. Patch status is not confirmed as no official fix or patch links are provided.
AI Analysis
Technical Summary
Foxit PDF Editor does not guard against cyclic PDF object references in JavaScript embedded within PDFs. When documents contain pages and annotations that reference each other in a loop, APIs that perform deep traversal of the document structure (such as SOAP APIs) may enter uncontrolled recursion. This results in stack exhaustion and application crashes. The vulnerability affects multiple versions of Foxit PDF Editor released before 2026. No vendor advisory or patch information is currently available.
Potential Impact
The vulnerability can cause denial of service through application crashes due to stack exhaustion triggered by uncontrolled recursion. There is no reported impact on confidentiality or integrity. No known exploits in the wild have been documented.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, avoid processing untrusted or suspicious PDF documents that may contain cyclic references in JavaScript objects. Monitor vendor communications for updates on patches or official mitigations.
CVE-2026-3778: CWE-674: Uncontrolled Recursion in Foxit Software Inc. Foxit PDF Editor
Description
CVE-2026-3778 is a medium severity vulnerability in Foxit PDF Editor affecting versions 2025. 3 and earlier, 14. 0. 2 and earlier, and 13. 2. 2 and earlier. The application fails to detect cyclic references in PDF JavaScript objects, which can lead to uncontrolled recursion when processing documents with cyclic page and annotation references. This recursion can cause stack exhaustion and crash the application. There is no indication of confidentiality or integrity impact, and no known exploits are reported. Patch status is not confirmed as no official fix or patch links are provided.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Foxit PDF Editor does not guard against cyclic PDF object references in JavaScript embedded within PDFs. When documents contain pages and annotations that reference each other in a loop, APIs that perform deep traversal of the document structure (such as SOAP APIs) may enter uncontrolled recursion. This results in stack exhaustion and application crashes. The vulnerability affects multiple versions of Foxit PDF Editor released before 2026. No vendor advisory or patch information is currently available.
Potential Impact
The vulnerability can cause denial of service through application crashes due to stack exhaustion triggered by uncontrolled recursion. There is no reported impact on confidentiality or integrity. No known exploits in the wild have been documented.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, avoid processing untrusted or suspicious PDF documents that may contain cyclic references in JavaScript objects. Monitor vendor communications for updates on patches or official mitigations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Foxit
- Date Reserved
- 2026-03-08T03:43:26.764Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69cc7a8ee6bfc5ba1d85411d
Added to database: 4/1/2026, 1:53:18 AM
Last enriched: 4/8/2026, 6:39:08 AM
Last updated: 5/16/2026, 5:39:01 AM
Views: 69
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.