CVE-2026-5939
published 2026-04-27CVE-2026-5939: A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code…
medium5.5CVSS 3.1
AVLACLPRNUIRSUCNINAH
A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| foxit | pdf_editor | >= 14.0.0 < 14.0.4 | 14.0.4 |
| foxit | pdf_editor | >= 2023.0.0 < 2026.1.1 | 2026.1.1 |
| foxit | pdf_reader | < 2026.1.1 | 2026.1.1 |
| foxit_software_inc | foxit_pdf_editor | — | — |
| foxit_software_inc | foxit_pdf_editor | — | — |
| foxit_software_inc | foxit_pdf_reader | — | — |