CVE-2026-12057
HighCVSS 8.6Exploitation Probability (EPSS)
Low risk3th percentile - higher than 3% of all known CVEs
Summary
The application executing the JavaScript script embedded in the PDF within the sandbox fails to intercept some dangerous interfaces, allowing remote scripts to be loaded and resulting in arbitrary code execution.
Risk Assessment
Exploitation of this vulnerability may lead to remote code execution, posing a serious threat to the security of the system and the organization's data.
Recommendation
It is recommended to update the application to the latest version that fixes this vulnerability and to review the security policy regarding script handling in PDF files.
Original NVD description (English source)
When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arbitrary code execution.

