CVE-2026-3778

Published: Apr 01, 2026 Last Modified: Apr 01, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,2

Source: 14984358-7092-470d-8f34-ade47a7658a2

Attack Vector: local

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: none

Availability: high

Description

AI Translation Available

The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep traversal can cause uncontrolled recursion, stack exhaustion, and application crashes.

674

Uncontrolled Recursion

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Confidentiality

Potential Impacts:

Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Read Application Data

Applicable Platforms

All platforms may be affected

View CWE Details

https://www.foxit.com/support/security-bulletins.html

CVE-2026-3778

Description

Uncontrolled Recursion

Common Consequences

Applicable Platforms

Iscriviti alla newsletter