PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability (CVE-2026-2040)
CVE number = CVE-2026-2040
This vulnerability allows local attackers to escalate privileges on affected installations of PDF-XChange Editor.
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the TrackerUpdate process. The product loads a library from an unsecured location.
An attacker can leverage this vulnerability to escalate privileges and execute code in the context of a target user.
This issue has been fixed in version 10.7.3.401
https://www.pdf-xchange.com/product/pdf-xchange-editor/history#10.7.3.401

I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.
