Vulnerability Description
The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content groups (OCGs) immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing redaction, encryption, and printing logic, which, under specific document structures and user workflows, may cause a small amount of sensitive content to remain unremoved or unencrypted as expected, or result in printed output that slightly differs from what was reviewed on screen.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Foxit | Pdf Editor | <= 13.2.2.24014 |
| Foxit | Pdf Reader | <= 2025.3.0.35737 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://www.foxit.com/support/security-bulletins.htmlVendor Advisory
FAQ
What is CVE-2026-3774?
CVE-2026-3774 is a vulnerability with a CVSS score of 4.7 (MEDIUM). The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content groups (OCGs) immediately before or after redactio...
How severe is CVE-2026-3774?
CVE-2026-3774 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-3774?
Check the references section above for vendor advisories and patch information. Affected products include: Foxit Pdf Editor, Foxit Pdf Reader, Microsoft Windows.