Vulnerabilities in Popular PDF Platforms Allowed Account Takeover, Data Exfiltration

Researchers have identified more than a dozen vulnerabilities in popular PDF platforms from Foxit and Apryse, demonstrating how attackers could have exploited them for account takeover, data exfiltration, and other attacks.

The vulnerabilities were discovered by researchers at penetration testing startup Novee, which emerged from stealth mode in January 2026 with over $51 million in funding.

The findings were responsibly disclosed to Foxit and Apryse, and both vendors have patched the reported vulnerabilities.

Novee’s research targeted Apryse WebViewer and Foxit PDF cloud services. Apryse WebViewer, formerly PDFTron, is a JavaScript-based document SDK and UI component library that enables developers to embed viewing, annotation, editing, and conversion features directly into web applications and browsers.

Foxit PDF cloud services, such as Foxit PDF Editor Cloud, are browser-based PDF solutions that provide a full-featured platform for viewing, creating, editing, annotating, organizing, converting, securing, exporting, and signing PDF documents and forms.

Novee’s ...