Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.3
PDF-XChange Editor allows local attackers to gain administrator access
CVE-2026-2040
Summary
PDF-XChange Editor has a security flaw that could allow a malicious local user to gain administrator access on a computer. This means a hacker with some basic access could potentially take control of the entire system. To stay secure, users should update the PDF-XChange Editor software to the latest version available.
Original title
PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installation...
Original description
PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of PDF-XChange Editor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the TrackerUpdate process. The product loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of a target user. Was ZDI-CAN-27788.
The specific flaw exists within the TrackerUpdate process. The product loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of a target user. Was ZDI-CAN-27788.
nvd CVSS3.0
7.3
Vulnerability type
CWE-427
Uncontrolled Search Path Element
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026