Skip to main content

Foxit PDF Reader CVE-2026-5943

| EUVDEUVD-2026-25829 HIGH
Use After Free (CWE-416)
2026-04-27 Foxit
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 27, 2026 - 12:28 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 27, 2026 - 12:22 vuln.today
cvss_changed
Analysis Generated
Apr 27, 2026 - 12:01 vuln.today
EUVD ID Assigned
Apr 27, 2026 - 11:30 euvd
EUVD-2026-25829
Analysis Generated
Apr 27, 2026 - 11:30 vuln.today
CVE Published
Apr 27, 2026 - 11:00 nvd
HIGH 7.8

DescriptionCVE.org

Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information queries.

AnalysisAI

Use-after-free in Foxit PDF Reader and Foxit PDF Editor allows local attackers to execute arbitrary code or crash the application via specially crafted PDF documents. When scripts modify document structures, the software fails to maintain valid object references during page information queries, enabling pointer dereference of freed memory. Successful exploitation requires user interaction to open a malicious PDF file, achieving high confidentiality, integrity, and availability impact with CVSS 7.8. No active exploitation or public exploit code identified at time of analysis, though CVSS vector indicates low attack complexity once victim interaction occurs.

Technical ContextAI

This vulnerability stems from CWE-416 (Use After Free), a memory corruption class where freed heap memory is accessed after deallocation. Foxit PDF products use scripting engines (likely JavaScript) to enable interactive PDF features. When scripts trigger document modifications affecting page structures, the software's internal index and object reference management fails to invalidate pointers to freed memory regions. The CPE data identifies both Foxit PDF Editor (cpe:2.3:a:foxit_software_inc.:foxit_pdf_editor) and Foxit PDF Reader (cpe:2.3:a:foxit_software_inc.:foxit_pdf_reader) as affected, indicating the shared PDF rendering/scripting engine contains the flaw. During page information queries following structure modifications, dereferencing the stale pointer triggers memory corruption, enabling control-flow hijacking or denial of service depending on exploitation technique and heap layout.

RemediationAI

Consult Foxit's official security bulletin at https://www.foxit.com/support/security-bulletins.html for patched versions and apply vendor-released updates immediately. Exact fix versions not independently confirmed from provided data - verify current installed version against vendor advisory and upgrade if listed as vulnerable. As compensating controls until patching: disable JavaScript execution in Foxit PDF products via Edit > Preferences > JavaScript > Enable JavaScript (uncheck) to prevent script-triggered memory corruption, though this breaks interactive PDF features including forms and dynamic content. Implement application whitelisting to block execution of unsigned PDFs from untrusted sources. Deploy PDF sanitization gateways to strip embedded scripts from inbound documents. Train users to avoid opening PDFs from unknown senders or untrusted websites. Note that disabling JavaScript eliminates the trigger mechanism but may impact legitimate business workflows requiring PDF forms or annotations.

CVE-2026-57240 HIGH
7.8 Jul 08

Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor lets a crafted PDF containing JavaScript trigg

CVE-2026-13126 HIGH
7.8 Jul 08

Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1/14.0.4 and earlier) allows

CVE-2026-13127 HIGH
7.8 Jul 08

Denial-of-service (and potential memory-corruption) in Foxit PDF Editor (≤14.0.4 / ≤13.2.4 / ≤2026.1.1) and Foxit PDF Re

CVE-2026-13128 HIGH
7.8 Jul 08

Denial-of-service in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1 and earlier) occurs when a victim opens a

CVE-2026-13129 HIGH
7.8 Jul 08

Memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1, 13.2.4, 14.0.4 and earlier) allows attack

CVE-2026-57238 HIGH
7.8 Jul 08

Memory corruption in Foxit PDF Reader and Foxit PDF Editor allows a crafted PDF to trigger a use-after-free through the

CVE-2026-57242 HIGH
7.8 Jul 08

Use-after-free memory corruption in Foxit PDF Reader (2026.1.1 and earlier) and Foxit PDF Editor (through 14.0.4, 13.2.4

CVE-2026-57245 HIGH
7.8 Jul 08

Memory corruption in Foxit PDF Reader (≤2026.1.1) and Foxit PDF Editor (≤14.0.4, ≤13.2.4, and ≤2026.1.1) allows an attac

CVE-2026-57246 HIGH
7.8 Jul 08

Memory-corruption (buffer overflow) in Foxit PDF Reader and Foxit PDF Editor arises when the digital-signature plugin pr

CVE-2026-57248 HIGH
7.8 Jul 08

Memory-corruption crash (and potential code execution) in Foxit PDF Reader and Foxit PDF Editor occurs when a PDF's embe

CVE-2026-57249 HIGH
7.8 Jul 08

Use-after-free memory corruption in Foxit PDF Editor and Foxit PDF Reader allows a crafted PDF to crash the application

CVE-2026-57251 HIGH
7.8 Jul 08

Denial of service in Foxit PDF Editor and Foxit PDF Reader arises when the application renders a PDF containing cloud-st

Share

CVE-2026-5943 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy