Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
4DescriptionCVE.org
A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution.
AnalysisAI
Use-after-free memory corruption in Foxit PDF Editor and Foxit PDF Reader allows local attackers to crash the application or execute arbitrary code by opening a crafted XFA PDF file during calculate event processing. The vulnerability requires user interaction (opening a malicious PDF) but impacts both products across all versions listed in CPE data. No public exploit code or active exploitation has been confirmed at this time.
Technical ContextAI
XFA (XML Forms Architecture) is an Adobe technology embedded in PDF documents to enable dynamic form behavior and scripting. The vulnerability is a use-after-free condition (CWE-416), a memory safety flaw where the application attempts to access memory that has already been freed during the calculate event phase of XFA form processing. Calculate events fire when form field values change, triggering recalculation of dependent fields. A specially crafted XFA PDF can manipulate the object lifecycle during this event, causing a freed memory reference to be accessed, leading to undefined behavior ranging from denial of service to code execution depending on heap state and memory layout.
RemediationAI
Check Foxit's security bulletins at https://www.foxit.com/support/security-bulletins.html for the CVE-2026-5939 advisory to identify patched versions for both Foxit PDF Editor and Foxit PDF Reader, then upgrade to the recommended fixed version. As an interim compensating control, restrict access to XFA-enabled PDFs from untrusted sources by implementing document scanning policies and user awareness training to avoid opening suspicious PDF attachments. Organizations can also disable XFA form processing in Foxit settings if the feature is not operationally required, though this may limit legitimate form functionality. Monitor Foxit software for unexpected crashes during PDF loading as an early detection signal.
More in Foxit Pdf Editor
View allUse-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor lets a crafted PDF containing JavaScript trigg
Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1/14.0.4 and earlier) allows
Denial-of-service (and potential memory-corruption) in Foxit PDF Editor (≤14.0.4 / ≤13.2.4 / ≤2026.1.1) and Foxit PDF Re
Denial-of-service in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1 and earlier) occurs when a victim opens a
Memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1, 13.2.4, 14.0.4 and earlier) allows attack
Memory corruption in Foxit PDF Reader and Foxit PDF Editor allows a crafted PDF to trigger a use-after-free through the
Use-after-free memory corruption in Foxit PDF Reader (2026.1.1 and earlier) and Foxit PDF Editor (through 14.0.4, 13.2.4
Memory corruption in Foxit PDF Reader (≤2026.1.1) and Foxit PDF Editor (≤14.0.4, ≤13.2.4, and ≤2026.1.1) allows an attac
Memory-corruption (buffer overflow) in Foxit PDF Reader and Foxit PDF Editor arises when the digital-signature plugin pr
Memory-corruption crash (and potential code execution) in Foxit PDF Reader and Foxit PDF Editor occurs when a PDF's embe
Use-after-free memory corruption in Foxit PDF Editor and Foxit PDF Reader allows a crafted PDF to crash the application
Denial of service in Foxit PDF Editor and Foxit PDF Reader arises when the application renders a PDF containing cloud-st
Same weakness CWE-416 – Use After Free
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25825