CVE Catalog

CVE-2026-12057

HighCVSS 8.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile - higher than 3% of all known CVEs

Summary

The application executing the JavaScript script embedded in the PDF within the sandbox fails to intercept some dangerous interfaces, allowing remote scripts to be loaded and resulting in arbitrary code execution.

Risk Assessment

Exploitation of this vulnerability may lead to remote code execution, posing a serious threat to the security of the system and the organization's data.

Recommendation

It is recommended to update the application to the latest version that fixes this vulnerability and to review the security policy regarding script handling in PDF files.

Original NVD description (English source)

When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arbitrary code execution.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS