CVE-2026-5943 PUBLISHED

Foxit PDF Editor/Reader AcroForm Annotation Use-After-Free Remote Code Execution Vulnerability

Assigner: Foxit
Reserved: 09.04.2026 Published: 27.04.2026 Updated: 28.04.2026

Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information queries.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS Score: 7.8

Product Status

Vendor Foxit Software Inc.
Product Foxit PDF Editor
Versions Default: unaffected
  • Version Versions 2026.1 and earlier is affected
  • Version Versions 14.0.3 and earlier is affected
  • Version Versions 13.2.3 and earlier is affected
Vendor Foxit Software Inc.
Product Foxit PDF Reader
Versions Default: unaffected
  • Version Versions 2026.1 and earlier is affected

Credits

  • Anonymous working with TrendAI Zero Day Initiative finder

References

Problem Types

  • CWE-416 Use after free CWE

Impacts

  • Potential arbitrary code execution