Skip to main content

Foxit PDF Editor and Reader CVE-2026-5939

| EUVDEUVD-2026-25825 MEDIUM
Use After Free (CWE-416)
2026-04-27 Foxit
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
Apr 27, 2026 - 12:01 vuln.today
EUVD ID Assigned
Apr 27, 2026 - 11:30 euvd
EUVD-2026-25825
Analysis Generated
Apr 27, 2026 - 11:30 vuln.today
CVE Published
Apr 27, 2026 - 11:00 nvd
MEDIUM 5.5

DescriptionCVE.org

A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution.

AnalysisAI

Use-after-free memory corruption in Foxit PDF Editor and Foxit PDF Reader allows local attackers to crash the application or execute arbitrary code by opening a crafted XFA PDF file during calculate event processing. The vulnerability requires user interaction (opening a malicious PDF) but impacts both products across all versions listed in CPE data. No public exploit code or active exploitation has been confirmed at this time.

Technical ContextAI

XFA (XML Forms Architecture) is an Adobe technology embedded in PDF documents to enable dynamic form behavior and scripting. The vulnerability is a use-after-free condition (CWE-416), a memory safety flaw where the application attempts to access memory that has already been freed during the calculate event phase of XFA form processing. Calculate events fire when form field values change, triggering recalculation of dependent fields. A specially crafted XFA PDF can manipulate the object lifecycle during this event, causing a freed memory reference to be accessed, leading to undefined behavior ranging from denial of service to code execution depending on heap state and memory layout.

RemediationAI

Check Foxit's security bulletins at https://www.foxit.com/support/security-bulletins.html for the CVE-2026-5939 advisory to identify patched versions for both Foxit PDF Editor and Foxit PDF Reader, then upgrade to the recommended fixed version. As an interim compensating control, restrict access to XFA-enabled PDFs from untrusted sources by implementing document scanning policies and user awareness training to avoid opening suspicious PDF attachments. Organizations can also disable XFA form processing in Foxit settings if the feature is not operationally required, though this may limit legitimate form functionality. Monitor Foxit software for unexpected crashes during PDF loading as an early detection signal.

CVE-2026-57240 HIGH
7.8 Jul 08

Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor lets a crafted PDF containing JavaScript trigg

CVE-2026-13126 HIGH
7.8 Jul 08

Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1/14.0.4 and earlier) allows

CVE-2026-13127 HIGH
7.8 Jul 08

Denial-of-service (and potential memory-corruption) in Foxit PDF Editor (≤14.0.4 / ≤13.2.4 / ≤2026.1.1) and Foxit PDF Re

CVE-2026-13128 HIGH
7.8 Jul 08

Denial-of-service in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1 and earlier) occurs when a victim opens a

CVE-2026-13129 HIGH
7.8 Jul 08

Memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1, 13.2.4, 14.0.4 and earlier) allows attack

CVE-2026-57238 HIGH
7.8 Jul 08

Memory corruption in Foxit PDF Reader and Foxit PDF Editor allows a crafted PDF to trigger a use-after-free through the

CVE-2026-57242 HIGH
7.8 Jul 08

Use-after-free memory corruption in Foxit PDF Reader (2026.1.1 and earlier) and Foxit PDF Editor (through 14.0.4, 13.2.4

CVE-2026-57245 HIGH
7.8 Jul 08

Memory corruption in Foxit PDF Reader (≤2026.1.1) and Foxit PDF Editor (≤14.0.4, ≤13.2.4, and ≤2026.1.1) allows an attac

CVE-2026-57246 HIGH
7.8 Jul 08

Memory-corruption (buffer overflow) in Foxit PDF Reader and Foxit PDF Editor arises when the digital-signature plugin pr

CVE-2026-57248 HIGH
7.8 Jul 08

Memory-corruption crash (and potential code execution) in Foxit PDF Reader and Foxit PDF Editor occurs when a PDF's embe

CVE-2026-57249 HIGH
7.8 Jul 08

Use-after-free memory corruption in Foxit PDF Editor and Foxit PDF Reader allows a crafted PDF to crash the application

CVE-2026-57251 HIGH
7.8 Jul 08

Denial of service in Foxit PDF Editor and Foxit PDF Reader arises when the application renders a PDF containing cloud-st

Share

CVE-2026-5939 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy