Skip to main content

Foxit PDF Reader/Editor EUVDEUVD-2026-25826

| CVE-2026-5940 HIGH
Use After Free (CWE-416)
2026-04-27 Foxit
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 27, 2026 - 12:27 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 27, 2026 - 12:22 vuln.today
cvss_changed
Analysis Generated
Apr 27, 2026 - 12:01 vuln.today
EUVD ID Assigned
Apr 27, 2026 - 11:30 euvd
EUVD-2026-25826
Analysis Generated
Apr 27, 2026 - 11:30 vuln.today
CVE Published
Apr 27, 2026 - 11:00 nvd
HIGH 7.8

DescriptionCVE.org

Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes.

AnalysisAI

Use-after-free in Foxit PDF Reader and Foxit PDF Editor allows arbitrary code execution when specially crafted PDF documents trigger UI refresh operations after comment deletion via scripting. Local attackers can deliver malicious PDFs and achieve code execution with high integrity and confidentiality impact once a user opens the file. CVSS 7.8 indicates high severity but requires user interaction, limiting automated exploitation. No public exploit code or active exploitation confirmed at time of analysis.

Technical ContextAI

This is a use-after-free vulnerability (CWE-416) in Foxit's PDF rendering engine, affecting both the commercial PDF Editor and free PDF Reader products. The flaw occurs in the JavaScript scripting engine's interaction with the UI rendering subsystem. When embedded JavaScript code programmatically removes comments from a PDF document and subsequently triggers a UI refresh operation, the application accesses memory that has already been deallocated. Use-after-free conditions are particularly dangerous in document readers because they allow attackers to control freed memory contents through carefully structured PDF objects, enabling arbitrary code execution. The vulnerability exists in the object lifecycle management between the scripting API and the UI rendering pipeline, where the comment deletion invalidates pointers that are later dereferenced during screen updates.

RemediationAI

Apply vendor-released patches available through Foxit's security bulletin portal at https://www.foxit.com/support/security-bulletins.html. Specific patched versions not enumerated in available data - refer to the bulletin for exact fixed versions for PDF Reader and PDF Editor respectively. As an interim compensating control, disable JavaScript execution in Foxit PDF products via Edit > Preferences > JavaScript > Enable JavaScript Actions (uncheck), which prevents the scripting trigger required for exploitation but breaks PDF forms and interactive features that rely on JavaScript. For enterprise deployments, implement application whitelisting to block execution of processes spawned from PDF reader processes, limiting post-exploitation impact. Email gateway scanning should flag PDFs containing JavaScript and subject them to enhanced scrutiny or quarantine pending user approval.

CVE-2026-57240 HIGH
7.8 Jul 08

Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor lets a crafted PDF containing JavaScript trigg

CVE-2026-13126 HIGH
7.8 Jul 08

Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1/14.0.4 and earlier) allows

CVE-2026-13127 HIGH
7.8 Jul 08

Denial-of-service (and potential memory-corruption) in Foxit PDF Editor (≤14.0.4 / ≤13.2.4 / ≤2026.1.1) and Foxit PDF Re

CVE-2026-13128 HIGH
7.8 Jul 08

Denial-of-service in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1 and earlier) occurs when a victim opens a

CVE-2026-13129 HIGH
7.8 Jul 08

Memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1, 13.2.4, 14.0.4 and earlier) allows attack

CVE-2026-57238 HIGH
7.8 Jul 08

Memory corruption in Foxit PDF Reader and Foxit PDF Editor allows a crafted PDF to trigger a use-after-free through the

CVE-2026-57242 HIGH
7.8 Jul 08

Use-after-free memory corruption in Foxit PDF Reader (2026.1.1 and earlier) and Foxit PDF Editor (through 14.0.4, 13.2.4

CVE-2026-57245 HIGH
7.8 Jul 08

Memory corruption in Foxit PDF Reader (≤2026.1.1) and Foxit PDF Editor (≤14.0.4, ≤13.2.4, and ≤2026.1.1) allows an attac

CVE-2026-57246 HIGH
7.8 Jul 08

Memory-corruption (buffer overflow) in Foxit PDF Reader and Foxit PDF Editor arises when the digital-signature plugin pr

CVE-2026-57248 HIGH
7.8 Jul 08

Memory-corruption crash (and potential code execution) in Foxit PDF Reader and Foxit PDF Editor occurs when a PDF's embe

CVE-2026-57249 HIGH
7.8 Jul 08

Use-after-free memory corruption in Foxit PDF Editor and Foxit PDF Reader allows a crafted PDF to crash the application

CVE-2026-57251 HIGH
7.8 Jul 08

Denial of service in Foxit PDF Editor and Foxit PDF Reader arises when the application renders a PDF containing cloud-st

Share

EUVD-2026-25826 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy