Foxit PDF Reader Update Service Local Privilege Escalation (CVE‑2026‑3775) Threatens Enterprise Endpoints
What It Is – A newly disclosed vulnerability (CVE‑2026‑3775) in the Foxit PDF Reader Update Service allows a low‑privileged local attacker to place a malicious library in a directory on the service's uncontrolled DLL search path; the service, which runs as SYSTEM, loads that library and the attacker's code executes with SYSTEM privileges.
Exploitability – The flaw is local‑only; an attacker must already have code execution as a standard user. No public exploit code has been released, but the CVSS 7.8 score (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) reflects a high impact once the prerequisite is met.
Affected Products – Foxit PDF Reader (all versions prior to the 2026 security update).
TPRM Impact –
- Any workstation or laptop with Foxit PDF Reader installed carries the vulnerable service; an attacker who obtains standard‑user code execution on it (for example through a malicious third‑party PDF) can escalate to SYSTEM.
- Compromise of a single endpoint can enable lateral movement into corporate networks, exposing downstream suppliers and partners.
Recommended Actions –
- Deploy Foxit’s security update immediately across all managed devices.
- Verify that no directory on the Update Service's DLL search path (the service's own install directory, the Windows system directories and every entry in the machine‑wide PATH) is writable by standard users, and that the service binary and the libraries it loads are signed.
- Conduct an inventory of Foxit Reader installations and enforce patch compliance.
- Add monitoring for unexpected child processes spawned by FoxitReaderUpdateService.exe and for unsigned or unexpected libraries loaded into it.
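The last three actions can be scripted on each endpoint. The following PowerShell is an added example for this page, not a Foxit tool or part of the advisory. It takes only the executable name given above (FoxitReaderUpdateService.exe) from the advisory; the Windows service name is not stated, so the script finds the service by its binary path instead of assuming one. It also assumes the default Windows DLL search order (SafeDllSearchMode enabled), English principal names in ACLs, and that process‑creation auditing (Security event 4688) is enabled for the detection step.

```powershell
# Added example, not Foxit's tooling: host triage for CVE-2026-3775 exposure.
# Run in an elevated PowerShell 5.1+ session. Read-only: it changes nothing on the host.
# Assumptions (not from the advisory): service located by binary name, not service name;
# English ACL principal names; default SafeDllSearchMode DLL search order.

$ExeName = 'FoxitReaderUpdateService.exe'   # process name given in the advisory

# --- 1. Inventory: Foxit PDF Reader installs from both registry views ----------------------
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Foxit*PDF*Reader*' } |
    Select-Object DisplayName, DisplayVersion, InstallLocation

# --- 2. Locate the update service through its binary path, check its signature ------------
$svc = Get-CimInstance Win32_Service | Where-Object { $_.PathName -like "*$ExeName*" } | Select-Object -First 1
$exePath = $null
if ($svc -and $svc.PathName -match '^"?([^"]+?\.exe)') { $exePath = $Matches[1] }
$signature = if ($exePath) { (Get-AuthenticodeSignature -FilePath $exePath).Status } else { 'service not found' }

# --- 3. DLL search path: any directory a standard user can write to is a hijack location ---
# Default order: application directory, System32, System, Windows directory, then PATH.
# A service runs as SYSTEM, so the machine-wide PATH applies, not the user's.
function Test-LowPrivWritable {
    param([string]$Directory)
    $lowPriv = @('Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users', 'NT AUTHORITY\INTERACTIVE')
    foreach ($ace in (Get-Acl -LiteralPath $Directory -ErrorAction Stop).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($lowPriv -notcontains $ace.IdentityReference.Value) { continue }
        $rights = [int]$ace.FileSystemRights
        # 0x1 = WriteData/CreateFiles (also set in Write, Modify, FullControl);
        # 0x40000000 / 0x10000000 = GENERIC_WRITE / GENERIC_ALL, which Get-Acl leaves unmapped.
        if (($rights -band 0x1) -or ($rights -band 0x40000000) -or ($rights -band 0x10000000)) { return $true }
    }
    return $false
}

$searchDirs = @()
if ($exePath) { $searchDirs += Split-Path -Parent $exePath }
$searchDirs += "$env:SystemRoot\System32", "$env:SystemRoot\System", $env:SystemRoot
$searchDirs += @(([Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';') |
    ForEach-Object { $_.Trim().TrimEnd('\') } | Where-Object { $_ })

$findings = foreach ($dir in ($searchDirs | Select-Object -Unique)) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        # A PATH entry that does not exist is still a hijack location if a standard user can create it.
        [pscustomobject]@{ Directory = $dir; Status = 'MISSING - check whether standard users can create it' }
        continue
    }
    try { $writable = Test-LowPrivWritable -Directory $dir } catch { $writable = $null }
    $status = if ($null -eq $writable) { 'ACL unreadable' }
              elseif ($writable)      { 'WRITABLE by standard users: hijack candidate' }
              else                    { 'ok' }
    [pscustomobject]@{ Directory = $dir; Status = $status }
}

# --- 4. Detection: children of the update service from Security 4688 -----------------------
# Needs "Audit Process Creation"; ParentProcessName is present in 4688 on Windows 10 / Server 2016+.
# The service should spawn almost nothing, so every child it starts is worth triage.
$children = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = (Get-Date).AddDays(-7) } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['ParentProcessName'] -like "*\$ExeName") {
            [pscustomobject]@{ Time = $_.TimeCreated; Child = $data['NewProcessName']; User = $data['SubjectUserName'] }
        }
    }

"== Foxit PDF Reader installs ==";         $installs | Format-Table -AutoSize
"== Update service binary: $exePath (signature: $signature) =="
"== DLL search path directories ==";       $findings | Format-Table -AutoSize
"== Children of $ExeName, last 7 days =="; $children | Format-Table -AutoSize
```

Unsigned or unexpected DLLs loaded into the service are not visible in 4688; for that, collect image-load events (Sysmon event ID 7 or an EDR equivalent) filtered on the same image name. On non‑English systems replace the principal names in Test-LowPrivWritable with the localized equivalents or compare SIDs instead.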