Researchers Discover 16 Vulnerabilities in Foxit and Apryse PDF Platforms, Risking Account Takeover and Data Theft

105/69 Friday, February 20, 2026

Researchers from security firm Novee have disclosed 16 security vulnerabilities affecting PDF document management platforms, including Apryse WebViewer and Foxit PDF Cloud. AI agents assisted the analysis that produced the findings. The vulnerabilities range in severity from medium to critical and could potentially be exploited to enable account takeover, sensitive data exfiltration, and remote system control.

The identified vulnerabilities include DOM-based Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), Path Traversal, and OS Command Injection. Attackers could exploit these flaws by delivering specially crafted PDF files or URLs designed to execute malicious code or commands to access sensitive data. Researchers warned that if organizations embed PDF viewers within authenticated applications, attackers could leverage XSS vulnerabilities to steal user session tokens and hijack accounts. Additionally, certain payloads may achieve persistence, even after a page refresh, allowing continued surveillance or unauthorized access to confidential document content.

Both Foxit and Apryse have released patches to address the vulnerabilities and have strengthened default configurations and documentation guidance. The vendors emphasized adherence to responsible disclosure practices throughout the remediation process. Researchers also highlighted that components often perceived as low risk, such as document management systems, can become critical attack vectors if not continuously assessed and properly secured.

Source: https://www.securityweek.com/vulnerabilities-in-popular-pdf-platforms-allowed-account-takeover-data-exfiltration/