Researchers have uncovered significant vulnerabilities in widely used PDF platforms from Foxit and Apryse, highlighting potential risks such as account takeover and data exfiltration. These discoveries underscore the importance of robust security measures in digital document management solutions.
Discovery of Vulnerabilities by Novee
The vulnerabilities were identified by Novee, a penetration testing firm launched in January 2026 with over $51 million in funding. Its research focused on Apryse WebViewer and Foxit PDF cloud services and revealed 16 distinct vulnerabilities.
Novee’s investigation into Apryse and Foxit products identified one critical and two high-severity vulnerabilities in Apryse offerings, alongside two high-severity and 11 medium-severity issues in Foxit products. The flaws included several cross-site scripting (XSS) and command injection vulnerabilities.
Potential Exploitation and Impact
Exploitation of these vulnerabilities could have allowed attackers to execute arbitrary code or commands through specially crafted documents or URLs. Such flaws posed a risk of account takeover, data extraction, and document manipulation, particularly in enterprise applications where these PDF viewers are embedded.
Some of the vulnerabilities could be exploited with minimal effort, which highlighted how components traditionally deemed low-risk can present a high-impact attack surface. Novee emphasized the importance of re-evaluating security assumptions around these tools.
Foxit and Apryse’s Response
Both Foxit and Apryse responded promptly to Novee’s findings. Foxit’s Hongtao Huang highlighted the company’s dedication to security through an active responsible disclosure program. Collaboration with Novee led to swift remediation, with updates published via Foxit’s Trust Center.
Similarly, Stan Kornacki from Apryse detailed the measures taken to address the vulnerabilities, including product updates and improved documentation. Apryse’s comprehensive vulnerability management process aims to maintain high standards of code quality and minimize future occurrences.
This incident exemplifies the importance of cooperation between security researchers and software vendors to enhance product security and protect user data. As digital threats continue to evolve, such partnerships are critical in maintaining the integrity and trustworthiness of software solutions.