
FoxIT PDF Editor and Reader Multiple Vulnerabilities


Summary

CERT-FR published an advisory warning of 7 vulnerabilities (CVE-2026-3774 through CVE-2026-3780) in FoxIT PDF Editor and Reader software. These vulnerabilities affect Windows and Mac versions prior to 13.2.3, 14.0.3, and 2026.1. Exploitation risks include arbitrary code execution, privilege escalation, data confidentiality breach, and denial of service. Organizations using affected products should update immediately.

Published by CERT-FR on cert.ssi.gouv.fr. Detected, standardized, and enriched by GovPing.

What changed

CERT-FR issued advisory CERTFR-2026-AVI-0382 identifying 7 vulnerabilities (CVE-2026-3774 to CVE-2026-3780) in FoxIT PDF Editor and Reader products across multiple versions. Affected systems include PDF Editor for Mac (13.x before 13.2.3, 14.x before 14.0.3, versions before 2026.1), PDF Editor for Windows (13.x before 13.2.3, 14.x before 14.0.3, versions before 2026.1), and PDF Reader for Mac and Windows (versions before 2026.1). The vulnerabilities pose risks including arbitrary code execution, privilege elevation, data confidentiality breach, and denial of service.

Organizations should immediately identify FoxIT PDF Editor and Reader installations, update to patched versions (13.2.3+, 14.0.3+, or 2026.1+ as applicable), and verify successful patch application. Refer to the FoxIT security bulletin at foxitsoftware.com/support/security-bulletins.php for specific patch information.

What to do next

  1. Identify all FoxIT PDF Editor and Reader installations in your organization
  2. Update affected software to versions 13.2.3+, 14.0.3+, or 2026.1+ as applicable
  3. Verify patches are applied successfully and systems are no longer vulnerable
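The triage behind steps 1 and 3, as an added example (not code from CERT-FR, GovPing or the vendor): it compares inventoried build numbers with the fixed versions listed in the advisory. It assumes Editor 13.x and 14.x are separate maintenance branches, that the thresholds are the same on Windows and Mac, and that the inventory rows, host names and build numbers shown are constructed.

```python
import re

# Fixed versions from the advisory's affected-systems list.
# Assumption: Editor 13.x and 14.x are separate maintenance branches, so a
# 13.x build is compared with 13.2.3 and a 14.x build with 14.0.3.
EDITOR_BRANCH_FIXES = {13: (13, 2, 3), 14: (14, 0, 3)}
DEFAULT_FIX = (2026, 1)  # every other Editor build, and all Reader builds

def parse_version(text):
    """'13.2.2.1234' -> (13, 2, 2, 1234); raise on anything non-numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def is_affected(product, version_text):
    """True if the build is older than the fixed version for its branch."""
    if product not in ("editor", "reader"):
        raise ValueError(f"unknown product: {product!r}")
    version = parse_version(version_text)
    fix = DEFAULT_FIX
    if product == "editor":
        fix = EDITOR_BRANCH_FIXES.get(version[0], DEFAULT_FIX)
    # Pad with zeros so that 2026.1 and 2026.1.0.0 compare as equal.
    width = max(len(version), len(fix))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) < pad(fix)

def triage(inventory):
    """Label each (host, product, version) row UPDATE, OK or REVIEW."""
    results = []
    for host, product, version_text in inventory:
        try:
            status = "UPDATE" if is_affected(product, version_text) else "OK"
        except ValueError:
            status = "REVIEW"  # never report an unreadable row as patched
        results.append((host, status))
    return results

# Constructed sample inventory (hypothetical hosts and build numbers).
SAMPLE_INVENTORY = [
    ("ws-001", "editor", "13.2.2.1234"),
    ("ws-002", "editor", "13.2.3.0"),
    ("ws-003", "editor", "2025.3.0"),
    ("mac-004", "reader", "2026.1"),
    ("ws-005", "reader", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(host, status)
```

Running the same triage again after the update window covers step 3: any row still marked UPDATE or REVIEW needs follow-up.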

Archived snapshot

Mar 31, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

Prime Minister, S.G.D.S.N

Agence nationale de la sécurité des systèmes d'information

Paris, 31 March 2026. No. CERTFR-2026-AVI-0382. Case handled by: CERT-FR

CERT-FR Advisory

Subject: Multiple vulnerabilities in FoxIT products

Document management

| Reference | CERTFR-2026-AVI-0382 |
| Title | Multiple vulnerabilities in FoxIT products |
| Date of first version | 31 March 2026 |
| Date of latest version | 31 March 2026 |
| Source(s) | FoxIT security bulletin security-bulletins.php of 31 March 2026 |

A detailed version history is given at the end of this document.


Risks

  • Breach of data confidentiality
  • Denial of service
  • Arbitrary code execution
  • Privilege escalation

Affected systems

  • PDF Editor for Mac versions 13.x before 13.2.3
  • PDF Editor for Mac versions 14.x before 14.0.3
  • PDF Editor for Mac versions before 2026.1
  • PDF Editor versions 13.x before 13.2.3
  • PDF Editor versions 14.x before 14.0.3
  • PDF Editor versions before 2026.1
  • PDF Reader for Mac versions before 2026.1
  • PDF Reader versions before 2026.1

Summary

Multiple vulnerabilities have been discovered in FoxIT products. Some of them allow an attacker to cause arbitrary code execution, privilege escalation and a breach of data confidentiality.

Solutions

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Documentation


Detailed document history

  1. 31 March 2026: Initial version


Classification

Agency: CERT-FR
Published: March 31st, 2026
Instrument: Notice
Legal weight: Non-binding
Stage: Final
Change scope: Minor
Document ID: CERTFR-2026-AVI-0382

Who this affects

Applies to: Technology companies, Government agencies, Manufacturers
Industry sector: 5112 Software & Technology; 3341 Computer & Electronics Manufacturing; 9211 Government & Public Administration
Activity scope: Software Vulnerability Management, Patch Management
Geographic scope: France (FR)

Taxonomy

Primary area: Cybersecurity
Operational domain: IT Security
Compliance frameworks: NIST CSF
Topics: Data Privacy, Software Security
