Skip to main content

Foxit PDF Editor and Reader CVE-2026-5937

| EUVDEUVD-2026-25823 MEDIUM
Uncaught Exception (CWE-248)
2026-04-27 Foxit
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
Apr 27, 2026 - 12:01 vuln.today
EUVD ID Assigned
Apr 27, 2026 - 11:30 euvd
EUVD-2026-25823
Analysis Generated
Apr 27, 2026 - 11:30 vuln.today
CVE Published
Apr 27, 2026 - 11:00 nvd
MEDIUM 5.5

DescriptionCVE.org

Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalid_argument" exception, ultimately causing the program to terminate.

AnalysisAI

Unhandled exception in Foxit PDF Editor and Foxit PDF Reader allows local denial of service when a user opens a maliciously crafted PDF file with insufficient parameter verification, causing the application to crash via an uncaught std::invalid_argument exception. The vulnerability requires user interaction (opening a file) and local file access but affects all versions of both products without authentication requirements.

Technical ContextAI

The vulnerability stems from CWE-248 (Uncaught Exception), a class of weaknesses where applications fail to properly catch and handle exceptions. In this case, Foxit's PDF parsing engine does not validate parameters sufficiently before processing file data, leading to format errors that trigger an unhandled C++ std::invalid_argument exception. This exception occurs at a level in the call stack where no exception handler exists, causing immediate application termination. The affected products (Foxit PDF Editor and Foxit PDF Reader) share common PDF parsing libraries where this validation gap exists across multiple versions.

RemediationAI

Contact Foxit Software for patch availability and specific fix versions, as the security bulletin reference does not provide explicit patch versions in the available data. Users should avoid opening PDF files from untrusted sources until a patch is available. As a temporary compensating control, disable PDF auto-opening in email clients and file managers, and restrict PDF file access to sandboxed or isolated environments if available. Users can work around individual problematic PDFs by using alternative PDF readers (such as Adobe Acrobat Reader or open-source tools) to determine if the file is malicious before attempting to open it in Foxit. Monitor Foxit's support page for security bulletin updates that will contain precise fix versions and deployment guidance.

CVE-2026-57240 HIGH
7.8 Jul 08

Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor lets a crafted PDF containing JavaScript trigg

CVE-2026-13126 HIGH
7.8 Jul 08

Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1/14.0.4 and earlier) allows

CVE-2026-13127 HIGH
7.8 Jul 08

Denial-of-service (and potential memory-corruption) in Foxit PDF Editor (≤14.0.4 / ≤13.2.4 / ≤2026.1.1) and Foxit PDF Re

CVE-2026-13128 HIGH
7.8 Jul 08

Denial-of-service in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1 and earlier) occurs when a victim opens a

CVE-2026-13129 HIGH
7.8 Jul 08

Memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1, 13.2.4, 14.0.4 and earlier) allows attack

CVE-2026-57238 HIGH
7.8 Jul 08

Memory corruption in Foxit PDF Reader and Foxit PDF Editor allows a crafted PDF to trigger a use-after-free through the

CVE-2026-57242 HIGH
7.8 Jul 08

Use-after-free memory corruption in Foxit PDF Reader (2026.1.1 and earlier) and Foxit PDF Editor (through 14.0.4, 13.2.4

CVE-2026-57245 HIGH
7.8 Jul 08

Memory corruption in Foxit PDF Reader (≤2026.1.1) and Foxit PDF Editor (≤14.0.4, ≤13.2.4, and ≤2026.1.1) allows an attac

CVE-2026-57246 HIGH
7.8 Jul 08

Memory-corruption (buffer overflow) in Foxit PDF Reader and Foxit PDF Editor arises when the digital-signature plugin pr

CVE-2026-57248 HIGH
7.8 Jul 08

Memory-corruption crash (and potential code execution) in Foxit PDF Reader and Foxit PDF Editor occurs when a PDF's embe

CVE-2026-57249 HIGH
7.8 Jul 08

Use-after-free memory corruption in Foxit PDF Editor and Foxit PDF Reader allows a crafted PDF to crash the application

CVE-2026-57251 HIGH
7.8 Jul 08

Denial of service in Foxit PDF Editor and Foxit PDF Reader arises when the application renders a PDF containing cloud-st

Share

CVE-2026-5937 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy