Security Advisory

CVE-2026-3778

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-01 01:40:31

Last updated 2026-04-02 02:13:28

Assigner Foxit

State PUBLISHED

Description

The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep traversal can cause uncontrolled recursion, stack exhaustion, and application crashes.

← Browse all CVEs View on cve.org ↗