Zero Day MonitorZDM

← Back to list

4.7

CVE-2026-3774

adobe · adobe acrobat

Self-Modifications Affecting Altered Printing and Redaction in Foxit PDF Editor

Description

The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content groups (OCGs) immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing redaction, encryption, and printing logic, which, under specific document structures and user workflows, may cause a small amount of sensitive content to remain unremoved or unencrypted as expected, or result in printed output that slightly differs from what was reviewed on screen.

Affected Products

Vendor	Product	Versions
adobe	adobe acrobat	Versions 2025.3 and earlier

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
foxit	pdf editor	cert_advisory	90%
foxit	pdf reader	cert_advisory	90%

References

https://www.foxit.com/support/security-bulletins.html

Related News (2 articles)

Tier B

BSI Advisories20h ago

[UPDATE] [mittel] Foxit PDF Editor und Reader: Mehrere Schwachstellen

→ No new info (linked only)

Tier B

CERT-FR2d ago

Multiples vulnérabilités dans les produits FoxIT (31 mars 2026)

→ No new info (linked only)

CVSS 3.14.7 MEDIUM

VectorCVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA KEV❌ No

Actively exploited❌ No

CWECWE-200

PublishedApr 1, 2026

Last enriched9h ago

Trending Score32

Source articles2

Independent2

Info Completeness5/14

Missing: vendor, product, versions, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

MEDIUMCVE-2026-3778

Stack exhaustion caused by cyclic references in Foxit PDF Editor/Reader

HIGHCVE-2026-27220

Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current

HIGHCVE-2026-27276

Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this is

HIGHCVE-2026-27272

Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of thi

HIGHCVE-2026-27274

Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of t

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Apr 1, 2026

Discovered by ZDM

Apr 1, 2026