Skip to main content

Foxit PDF Reader CVE-2026-5941

| EUVDEUVD-2026-25827 HIGH
Improper Input Validation (CWE-20)
2026-04-27 Foxit
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 27, 2026 - 12:29 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 27, 2026 - 12:22 vuln.today
cvss_changed
Analysis Generated
Apr 27, 2026 - 12:00 vuln.today
EUVD ID Assigned
Apr 27, 2026 - 11:30 euvd
EUVD-2026-25827
Analysis Generated
Apr 27, 2026 - 11:30 vuln.today
CVE Published
Apr 27, 2026 - 11:00 nvd
HIGH 7.8

DescriptionCVE.org

Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction.

AnalysisAI

Memory corruption in Foxit PDF Reader and Foxit PDF Editor allows local attackers to crash the application or potentially execute arbitrary code through specially crafted PDF files with malformed form field hierarchies. The vulnerability triggers when parsing logic misidentifies non-signature data as valid signatures, causing invalid memory writes during internal data structure construction. User interaction is required to open the malicious PDF document. No active exploitation has been identified at time of analysis, though the local attack vector and high CVSS score (7.8) warrant attention for endpoint security in environments handling untrusted PDF files.

Technical ContextAI

This vulnerability affects Foxit's PDF parsing engine, specifically the component responsible for processing PDF form field hierarchies and digital signature validation. The root cause is classified as CWE-20 (Improper Input Validation), where the parser fails to properly validate form field structure before processing signature-related data. When encountering malformed hierarchies, the flawed parsing logic misinterprets non-signature data as valid signature objects, leading to construction of corrupted internal data structures. This triggers invalid memory writes that manifest as crashes and potentially exploitable memory corruption conditions. The affected products are identified by CPE strings as Foxit PDF Reader (cpe:2.3:a:foxit_software_inc.:foxit_pdf_reader) and Foxit PDF Editor (cpe:2.3:a:foxit_software_inc.:foxit_pdf_editor), both widely deployed PDF processing applications on Windows, macOS, and Linux platforms.

RemediationAI

Check the official Foxit security bulletin at https://www.foxit.com/support/security-bulletins.html for the vendor-released patch and specific affected version ranges, then upgrade both Foxit PDF Reader and Foxit PDF Editor to the patched versions listed in the advisory. Until patching is complete, implement compensating controls: configure PDF applications to disable automatic opening of embedded content and disable JavaScript execution in PDF settings (trade-off: reduces functionality for interactive forms). Deploy endpoint detection rules monitoring for crashes in foxit*.exe processes when opening PDF files as potential exploitation indicators. Restrict PDF file sources through email filtering and web proxy policies to block PDFs from untrusted origins (trade-off: may impact legitimate business workflows requiring external PDF receipt). For high-security environments handling sensitive data, consider temporarily switching to alternative PDF readers for untrusted documents until patching is verified, though this introduces user experience and workflow disruption costs.

CVE-2026-57240 HIGH
7.8 Jul 08

Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor lets a crafted PDF containing JavaScript trigg

CVE-2026-13126 HIGH
7.8 Jul 08

Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1/14.0.4 and earlier) allows

CVE-2026-13127 HIGH
7.8 Jul 08

Denial-of-service (and potential memory-corruption) in Foxit PDF Editor (≤14.0.4 / ≤13.2.4 / ≤2026.1.1) and Foxit PDF Re

CVE-2026-13128 HIGH
7.8 Jul 08

Denial-of-service in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1 and earlier) occurs when a victim opens a

CVE-2026-13129 HIGH
7.8 Jul 08

Memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1, 13.2.4, 14.0.4 and earlier) allows attack

CVE-2026-57238 HIGH
7.8 Jul 08

Memory corruption in Foxit PDF Reader and Foxit PDF Editor allows a crafted PDF to trigger a use-after-free through the

CVE-2026-57242 HIGH
7.8 Jul 08

Use-after-free memory corruption in Foxit PDF Reader (2026.1.1 and earlier) and Foxit PDF Editor (through 14.0.4, 13.2.4

CVE-2026-57245 HIGH
7.8 Jul 08

Memory corruption in Foxit PDF Reader (≤2026.1.1) and Foxit PDF Editor (≤14.0.4, ≤13.2.4, and ≤2026.1.1) allows an attac

CVE-2026-57246 HIGH
7.8 Jul 08

Memory-corruption (buffer overflow) in Foxit PDF Reader and Foxit PDF Editor arises when the digital-signature plugin pr

CVE-2026-57248 HIGH
7.8 Jul 08

Memory-corruption crash (and potential code execution) in Foxit PDF Reader and Foxit PDF Editor occurs when a PDF's embe

CVE-2026-57249 HIGH
7.8 Jul 08

Use-after-free memory corruption in Foxit PDF Editor and Foxit PDF Reader allows a crafted PDF to crash the application

CVE-2026-57251 HIGH
7.8 Jul 08

Denial of service in Foxit PDF Editor and Foxit PDF Reader arises when the application renders a PDF containing cloud-st

Share

CVE-2026-5941 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy