All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-12057
HIGHpublished 2026-06-15 12:16 UTC · 10 days ago · modified 2026-06-16 16:43 UTC
8.6
CVSS / 10
// description
When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arbitrary code execution.
// cvss 3.1 vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
// weaknesses (CWE)
- CWE-829