NewsSecurity Vulnerabilities

PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability (CVE-2026-2040)

CVE number = CVE-2026-2040

This vulnerability allows local attackers to escalate privileges on affected installations of PDF-XChange Editor.

An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the TrackerUpdate process. The product loads a library from an unsecured location.

An attacker can leverage this vulnerability to escalate privileges and execute code in the context of a target user.

This issue has been fixed in version 10.7.3.401 
https://www.pdf-xchange.com/product/pdf-xchange-editor/history#10.7.3.401

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.