Description
PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of PDF-XChange Editor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the TrackerUpdate process. The product loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of a target user. Was ZDI-CAN-27788.
Published: 2026-02-20
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Apply Patch
AI Analysis

Impact

An uncontrolled search path element in the TrackerUpdate process allows a local attacker who has already obtained a low‑privilege execution environment to load an attacker‑controlled library from an unsecured location. This flaw can raise the privilege level of the attacker’s code to that of the target user, enabling the attacker to run arbitrary code with elevated rights. The weakness is consistent with CWE‑427, which describes problems related to the ability to influence or control the library search path used by an application.

Affected Systems

PDF‑XChange Editor is the affected product. No specific version information or additional vendor details are supplied in this report, so any installation of PDF‑XChange Editor that contains the default TrackerUpdate behavior is potentially vulnerable.

Risk and Exploitability

The calculated CVSS score is 7.3, indicating a high severity vulnerability when the conditions are met. The EPSS score is below 1 %, and the vulnerability is not listed in the CISA KEV catalog, suggesting that it is not widely exploited in the wild. However, exploitation requires the attacker to have local code execution already, which is plausible if the attacker has compromised an application or executed a malicious script on the system. Therefore the primary risk is to users who have inadvertently run untrusted code or who have been infected by malware capable of low‑privilege execution.

Generated by OpenCVE AI on April 17, 2026 at 17:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Acquire and install the latest vendor patch for PDF‑XChange Editor that removes the TrackerUpdate library loading flaw.
  • Restrict the ability for arbitrary binaries to run by enforcing application whitelisting or disabling execution from untrusted locations, thereby preventing the precursory low‑privilege code execution required by this vulnerability.
  • If a patch is not yet available, consider disabling or removing the TrackerUpdate functionality and configuring the system’s library search path to exclude untrusted directories, thereby mitigating the uncontrolled search path element.

Advisories

No advisories yet.

History

Tue, 24 Feb 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 23 Feb 2026 15:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Pdf-xchange; Pdf-xchange pdf-xchange Editor
Vendors & Products | | Pdf-xchange; Pdf-xchange pdf-xchange Editor

Fri, 20 Feb 2026 22:30:00 +0000

Type | Values Removed | Values Added
Description | | PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of PDF-XChange Editor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TrackerUpdate process. The product loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of a target user. Was ZDI-CAN-27788.
Title | | PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Weaknesses | | CWE-427
References | |
Metrics | | cvssV3_0 {'score': 7.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2026-02-24T15:07:07.127Z

Reserved: 2026-02-06T01:13:48.593Z

Link: CVE-2026-2040

Vulnrichment

Updated: 2026-02-24T15:07:02.800Z

NVD

Status: Deferred

Published: 2026-02-20T23:16:04.050

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-2040

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T17:15:23Z

Weaknesses