Foxit PDF Editor Cloud security updates fix serious cross-site scripting (XSS) flaws that could let attackers run arbitrary JavaScript code in users' browsers. The application's File Attachments list and Layers panel were found to have vulnerabilities that allow malicious code to be executed due to inadequate input validation and incorrect output encoding. The two related cross-site scripting vulnerabilities are tracked as CVE-2026-1591 and CVE-2026-1592.
Inadequate sanitization of user input in layer names and attachment file names is the root cause of both vulnerabilities, which arise when users use the Layers panel or File Attachments list to interact with crafted payloads.
| CVE ID | Vulnerability Type | CVSS Score | Severity | Impact |
|---|---|---|---|---|
| CVE-2026-1591 | Cross-site Scripting (CWE-79) | 6.3 | Moderate | Arbitrary JavaScript Execution |
| CVE-2026-1592 | Cross-site Scripting (CWE-79) | 6.3 | Moderate | Execution of Arbitrary JavaScript |

The application allows arbitrary JavaScript execution within the user's browser context because it does not properly encode untrusted input before embedding it into the HTML structure. The vulnerabilities have a CVSS 3.0 score of 6.3, which indicates moderate severity, and are categorized under CWE-79 (Cross-site Scripting). The attack is network-based (AV:N) with low attack complexity (AC:L), and requires low privileges (PR:L) and user interaction (UI:R).
According to the impact assessment, there is a high impact on confidentiality, a low impact on integrity, and no impact on availability.
By taking advantage of these flaws, an attacker could gain access to private data that is visible to the authenticated user, such as session data and document contents. Since attackers must first fool users into opening malicious documents or persuade them to interact with specially crafted files, the requirement for user interaction and authenticated access somewhat reduces the attack surface. The real threat posed by these XSS vulnerabilities in a popular PDF editing program, however, is reflected in the moderate severity rating.
Remediation and Reaction

As part of the Foxit PDF Editor Cloud update on February 3, 2026, Foxit has published security patches to fix both vulnerabilities.
The company highlights that since updates are automatically deployed for Cloud versions, no user action is necessary. Users of desktop versions should use the application's update mechanism to see what updates are available. Businesses that use Foxit PDF Editor should make sure the most recent patched version is installed on their systems.
In accordance with your organization's security policies, the security response team advises evaluating file handling procedures and, when necessary, restricting user access to PDF editing tools. The Security Response Team at Foxit can be contacted at security-ml@foxit.com with security-related questions. Foxit's official security page has more security advisories and vulnerability reporting details.











