{"id":43855,"date":"2026-02-24T01:02:17","date_gmt":"2026-02-23T17:02:17","guid":{"rendered":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/2026\/02\/24\/multiple-zero-day-flaws-in-pdf-platforms-enable-xss-and-one-click-attacks\/"},"modified":"2026-02-24T01:02:17","modified_gmt":"2026-02-23T17:02:17","slug":"multiple-zero-day-flaws-in-pdf-platforms-enable-xss-and-one-click-attacks","status":"publish","type":"post","link":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/2026\/02\/24\/multiple-zero-day-flaws-in-pdf-platforms-enable-xss-and-one-click-attacks\/","title":{"rendered":"Multiple Zero-Day Flaws in PDF Platforms Enable XSS and One-Click Attacks"},"content":{"rendered":"\n

We often think of a PDF file<\/strong><\/a> (Portable Document Format file) as a simple digital version of a printed document. However, new research shared with Hackread.com reveals that these everyday tools have become complex “application stacks” that hackers can use as a doorway into private networks.<\/p>\n

The team at Novee Security recently inspected two major PDF systems: Foxit and Apryse. Their study, released on February 18th, 2026, identified 13 vulnerability categories and 16 total ways a system could be hacked. <\/p>\n

It is worth noting that these aren’t minor glitches; these zero-day vulnerabilities<\/a> <\/strong>could allow attackers to take over accounts or run commands on a company\u2019s backend servers without needing to break into the browser or operating system directly.<\/p>\n

Hunting for Bugs with AI<\/strong><\/h3>\n

As we know it, finding security holes in massive amounts of code is a huge challenge. To speed things up, researchers used a “human-agent” approach; they first identified the “scent” of a vulnerability (the specific patterns where a program might be weak) and then taught these patterns to an AI “swarm.”<\/p>\n

They found that this AI swarm could scan through scrambled code much faster than a person. This method allowed them to find high-impact problems that standard tools often miss. One discovery was a Critical flaw in the Foxit signature server, which handles digital signatures for legal documents.<\/p>\n

\u201cOur strategy involved a human-agent symbiosis: our researchers manually identified foundational vulnerability patterns, which were then taught to the Novee agent. Once the agent internalized the \u201cscent\u201d of these bugs, it autonomously explored the massive attack surface of both vendors. The result was the discovery of 13 distinct vulnerability categories, ranging from critical XSS<\/a><\/strong> to OS Command Injection,\u201d researchers explained.<\/p>\n

\n
\"Multiple<\/figure>\n<\/p><\/div>\n

How a One-Click Attack Works<\/strong><\/h3>\n

Some of the most worrying finds were one-click attacks, where simply opening a document or clicking a link triggers the trap. Key identified risks include:<\/p>\n

    \n
  • CVE-2025-70402 and CVE-2025-70400: Flaws in Apryse WebViewer, where the system trusts remote configuration files it shouldn’t, allowing hackers to run malicious code via a link.<\/li>\n
  • CVE-2025-70401: Researchers also found they could hide a script in the “Author” name of a PDF comment. As soon as a victim types one character in the notes, the script runs to steal login data.<\/li>\n
  • CVE-2025-66500: Foxit\u2019s web plugins had a similar weakness where an attacker could send a fake message to trick the plugin into running a harmful script.<\/li>\n<\/ul>\n

    In a live test, the AI agent even found it could send a simple request to a server and get it to “execute the injected command,” giving the researchers full control over that part of the system.<\/p>\n