CVE-2026-3774 MEDIUM

CVE-2026-3774: Self-Modifications Affecting Altered Printing and Redaction in Foxit PDF Editor

Vendor Foxit Software Inc.

Product Foxit PDF Editor

Weakness CWE-200 · Info exposure

Published April 1, 2026

Last update April 2, 2026

View on NVD All CVEs

CVSS base score

4.7/10

Attack vector Local

Attack complexity High

Privileges required None

User interaction Required

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content groups (OCGs) immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing redaction, encryption, and printing logic, which, under specific document structures and user workflows, may cause a small amount of sensitive content to remain unremoved or unencrypted as expected, or result in printed output that slightly differs from what was reviewed on screen.

Key dates

02Disclosure timeline

April 1, 2026 CVE published

April 2, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-3774 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

Identifiers

CVE CVE-2026-3774

CWE CWE-200

CVSS 4.7 / MEDIUM

Affected versions