CVE-2026-5940
published 2026-04-27CVE-2026-5940: Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes.
medium5.5CVSS 3.1
AVLACLPRNUIRSUCNINAH
Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| foxit | pdf_editor | < 13.2.4 | 13.2.4 |
| foxit | pdf_editor | >= 14.0.0 < 14.0.4 | 14.0.4 |
| foxit | pdf_editor | >= 2023.0.0 < 2026.1.1 | 2026.1.1 |
| foxit | pdf_reader | < 2026.1.1 | 2026.1.1 |
| foxit_software_inc | foxit_pdf_editor | — | — |
| foxit_software_inc | foxit_pdf_editor | — | — |
| foxit_software_inc | foxit_pdf_editor | — | — |
| foxit_software_inc | foxit_pdf_reader | — | — |