VDB
CVE-2026-2040
CVE-2026-2040
PUBLISHED
CVSS 7.300000190734863 HIGH
PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of PDF-XChange Editor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TrackerUpdate process. The product loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of a target user. Was ZDI-CAN-27788.
EPSS 0.01% · 1.5th percentile
Risk Scores
CVSS 3.0
7.300000190734863
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.01%
1.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PDF-XChange | PDF-XChange Editor | 10.7.2.400 |
Exploit Intelligence
- CIRCL seen: CVE-2026-2040 (circl-sighting)
- ZDI-26-122 (circl)
Timeline
- Feb 19, 2026 PoC Published
- Feb 19, 2026 CVE Published
- Feb 21, 2026 EPSS Score
- Feb 23, 2026 EPSS Score
- Feb 24, 2026 EPSS Score
- Feb 26, 2026 EPSS Score
- Feb 28, 2026 EPSS Score
- Mar 1, 2026 EPSS Score
- Mar 3, 2026 EPSS Score
- Mar 5, 2026 EPSS Score
- Mar 6, 2026 EPSS Score
- Mar 8, 2026 EPSS Score