Foxit PDF Editor Vulnerabilities Let Attackers Execute Arbitrary JavaScript

Critical cross-site scripting (XSS) vulnerabilities, CVE-2026-1591 and CVE-2026-1592, in Foxit PDF Editor Cloud allow attackers to execute arbitrary JavaScript code by exploiting insecure handling of file attachments and layer names. Foxit has released security patches, with automatic updates for the Cloud version and desktop users advised to update manually.