
Vulnerabilities in Popular PDF Platforms Allowed Account Takeover, Data Exfiltration

Researchers have identified more than a dozen vulnerabilities in popular PDF platforms from Foxit and Apryse, demonstrating how attackers could have exploited them for account takeover, data exfiltration, and other attacks.

The vulnerabilities were discovered by researchers at penetration testing startup Novee, which emerged from stealth mode in January 2026 with over $51 million in funding.

The findings were responsibly disclosed to Foxit and Apryse, and both vendors have patched the reported vulnerabilities.

Novee’s research targeted Apryse WebViewer and Foxit PDF cloud services. Apryse WebViewer, formerly PDFTron, is a JavaScript-based document SDK and UI component library that enables developers to embed viewing, annotation, editing, and conversion features directly into web applications and browsers.

Foxit PDF cloud services, such as Foxit PDF Editor Cloud, are browser-based PDF solutions that provide a full-featured platform for viewing, creating, editing, annotating, organizing, converting, securing, exporting, and signing PDF documents and forms.

Novee’s analysis — powered by specialized AI agents — led to the discovery of 16 vulnerabilities across Apryse and Foxit products. One critical and two high-severity vulnerabilities were found in Apryse products, and two high-severity and 11 medium-severity issues were identified in Foxit products.

The list of flaws includes DOM XSS, SSRF, stored and reflected XSS, path traversal, and OS command injection vulnerabilities.

Novee’s tests demonstrated that attackers could have exploited the security holes via specially crafted documents, URLs, or messages to execute arbitrary code or commands.

“Several vulnerabilities were exploitable with a single request and affected trusted domains commonly embedded inside enterprise applications,” the security firm explained.

The researchers showed that, in scenarios where PDF viewers are embedded in authenticated applications, an attacker could have leveraged the XSS flaws for account takeover. In addition, an attacker could have exploited the weaknesses to exfiltrate sensitive document or user data, manipulate documents, or achieve persistent compromise using payloads that survive page refreshes.
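The account-takeover risk described above comes from running a third-party viewer with the same privileges as the host application. The following is an added example, not code from the article, Novee, Foxit or Apryse, and it does not reproduce any of the disclosed bugs (the article gives no mechanism for them). It shows two generic host-side controls: validating a user-supplied document URL against an allowlist before handing it to a viewer or server-side converter (the input class behind SSRF and `javascript:`-style DOM XSS), and embedding the viewer from a separate origin in a sandboxed iframe so that a script-injection bug inside the viewer cannot read the host application's cookies, storage or DOM. The host names `docs.example` and `viewer.example` are constructed placeholders.

```javascript
// Added example (not from the article, Novee, Foxit or Apryse): defensive
// checks a host application can put around an embedded PDF viewer.
// All host names in this file are constructed placeholders.

// Reject literal addresses and localhost outright, so a user-supplied
// document URL cannot steer the viewer (or a converter that fetches on its
// behalf) at internal services. The WHATWG URL parser normalises odd IPv4
// spellings (e.g. decimal form) before we see them, so the regex suffices.
function isLiteralAddress(hostname) {
  if (hostname === 'localhost') return true;
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(hostname)) return true;           // IPv4
  if (hostname.startsWith('[') && hostname.endsWith(']')) return true; // IPv6
  return false;
}

// Validate a document URL from an untrusted source (query string, message,
// form field) before it reaches the viewer. Only https to an allowlisted
// host survives; javascript:, data:, http:, embedded credentials and
// look-alike hosts (https://docs.example@evil.example/) are all refused.
function validateDocumentUrl(raw, allowedHosts) {
  let url;
  try {
    url = new URL(String(raw));
  } catch {
    return { ok: false, reason: 'unparseable' };
  }
  if (url.protocol !== 'https:') return { ok: false, reason: 'scheme' };
  if (url.username || url.password) return { ok: false, reason: 'credentials' };
  const host = url.hostname.toLowerCase();
  if (isLiteralAddress(host)) return { ok: false, reason: 'literal-address' };
  if (!allowedHosts.has(host)) return { ok: false, reason: 'host-not-allowed' };
  return { ok: true, href: url.href };
}

// Attributes for the iframe that hosts the viewer. The viewer is served from
// its own origin, and the sandbox token list deliberately omits
// allow-same-origin, so the frame runs with an opaque origin: even if the
// viewer is XSS'd, its script cannot reach the host app's session cookies,
// localStorage or DOM, which is what turns a viewer bug into account takeover.
function viewerEmbedAttributes(viewerOrigin, documentHref) {
  const src = new URL('/viewer', viewerOrigin);
  src.searchParams.set('doc', documentHref);
  return {
    src: src.href,
    sandbox: 'allow-scripts allow-forms allow-downloads',
    referrerpolicy: 'no-referrer',
    allow: '', // no camera, microphone, geolocation, etc. for the viewer
  };
}

// Content-Security-Policy for the host page: only the viewer origin may be
// framed, plugins are disabled, and the host page itself cannot be framed
// by third parties.
function hostCspHeader(viewerOrigin) {
  return [
    "default-src 'self'",
    `frame-src ${viewerOrigin}`,
    "object-src 'none'",
    "base-uri 'self'",
    "frame-ancestors 'self'",
  ].join('; ');
}

// Usage: the host app receives ?doc=... from the user, validates it, and only
// then builds the iframe and the response headers.
const ALLOWED_DOCUMENT_HOSTS = new Set(['docs.example']); // constructed
const VIEWER_ORIGIN = 'https://viewer.example';           // constructed

const check = validateDocumentUrl('https://docs.example/q1.pdf', ALLOWED_DOCUMENT_HOSTS);
if (check.ok) {
  console.log(viewerEmbedAttributes(VIEWER_ORIGIN, check.href));
  console.log(hostCspHeader(VIEWER_ORIGIN));
} else {
  console.log('rejected document URL:', check.reason);
}
```

The allowlist is an exact host match rather than a suffix match, because suffix checks are a common source of bypasses. Splitting the viewer onto its own origin is the decisive control here: it means a stored payload that "survives page refreshes" inside the viewer is still confined to the viewer's origin rather than the authenticated application around it.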

“From a defender’s perspective, this means that a component long assumed to be low risk can quietly become a high-impact attack surface,” Novee said.

This article was published by Security Week. Please check their website for the original content.
