{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5937", "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2", "state": "PUBLISHED", "assignerShortName": "Foxit", "dateReserved": "2026-04-09T03:42:03.943Z", "datePublished": "2026-04-27T11:00:42.447Z", "dateUpdated": "2026-04-27T13:42:51.578Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "14984358-7092-470d-8f34-ade47a7658a2", "shortName": "Foxit", "dateUpdated": "2026-04-27T11:00:42.447Z"}, "title": "Foxit PDF Editor/Reader's insufficient parameter validation leads to denial-of-service vulnerability", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-248", "description": "CWE-248 Uncaught exception", "type": "CWE"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of service"}]}], "affected": [{"vendor": "Foxit Software Inc.", "product": "Foxit PDF Editor", "platforms": ["Windows"], "versions": [{"status": "affected", "version": "Versions 2026.1 and earlier"}, {"status": "affected", "version": "Versions 14.0.3 and earlier"}, {"status": "affected", "version": "Versions 13.2.3 and earlier"}], "defaultStatus": "unaffected"}, {"vendor": "Foxit Software Inc.", "product": "Foxit PDF Reader", "platforms": ["Windows"], "versions": [{"status": "affected", "version": "Versions 2026.1 and earlier"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled \"std::invalid_argument\" exception, ultimately causing the program to terminate.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled \"std::invalid_argument\" exception, ultimately causing the program to terminate."}]}], "references": [{"url": "https://www.foxit.com/support/security-bulletins.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}}], "credits": [{"lang": "en", "value": "CITIVD", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-27T13:38:29.887269Z", "id": "CVE-2026-5937", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T13:42:51.578Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5937", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-27T13:38:29.887269Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T13:40:16.406Z"}}], "cna": {"title": "Foxit PDF Editor/Reader's insufficient parameter validation leads to denial-of-service vulnerability", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "CITIVD"}], "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of service"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Foxit Software Inc.", "product": "Foxit PDF Editor", "versions": [{"status": "affected", "version": "Versions 2026.1 and earlier"}, {"status": "affected", "version": "Versions 14.0.3 and earlier"}, {"status": "affected", "version": "Versions 13.2.3 and earlier"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}, {"vendor": "Foxit Software Inc.", "product": "Foxit PDF Reader", "versions": [{"status": "affected", "version": "Versions 2026.1 and earlier"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.foxit.com/support/security-bulletins.html"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled \"std::invalid_argument\" exception, ultimately causing the program to terminate.", "supportingMedia": [{"type": "text/html", "value": "Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled \"std::invalid_argument\" exception, ultimately causing the program to terminate.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-248", "description": "CWE-248 Uncaught exception"}]}], "providerMetadata": {"orgId": "14984358-7092-470d-8f34-ade47a7658a2", "shortName": "Foxit", "dateUpdated": "2026-04-27T11:00:42.447Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5937", "state": "PUBLISHED", "dateUpdated": "2026-04-27T13:42:51.578Z", "dateReserved": "2026-04-09T03:42:03.943Z", "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2", "datePublished": "2026-04-27T11:00:42.447Z", "assignerShortName": "Foxit"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "388A59F0-28A7-436B-BC75-C77E58F4ECDE", "versionEndExcluding": "13.2.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C4B8779-474C-43FC-B02E-3754BFAB2432", "versionEndExcluding": "14.0.4", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3D204C5-D29B-4341-B48E-6F634E41126E", "versionEndExcluding": "2026.1.1", "versionStartIncluding": "2023.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*", "matchCriteriaId": "C18DA4A1-62E6-4734-840D-B5280B765A9E", "versionEndExcluding": "2026.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled \"std::invalid_argument\" exception, ultimately causing the program to terminate."}], "id": "CVE-2026-5937", "lastModified": "2026-04-29T17:31:29.453", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "14984358-7092-470d-8f34-ade47a7658a2", "type": "Secondary"}]}, "published": "2026-04-27T12:16:24.030", "references": [{"source": "14984358-7092-470d-8f34-ade47a7658a2", "tags": ["Vendor Advisory"], "url": "https://www.foxit.com/support/security-bulletins.html"}], "sourceIdentifier": "14984358-7092-470d-8f34-ade47a7658a2", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-248"}], "source": "14984358-7092-470d-8f34-ade47a7658a2", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,2026.1]"}}, {"platform": ["windows"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,14.0.3]"}}, {"platform": ["windows"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,13.2.3]"}}], "enrichment": {"confidence": 91.0, "confidence_source": "matching", "scores": [{"score": 91.0, "source": "matching"}]}, "original": {"product": "Foxit PDF Editor", "source": "cna", "vendor": "Foxit Software Inc."}, "product": "foxit_pdf_editor", "vendor": "foxitsoftware"}, {"configurations": [{"platform": ["windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,2026.1]"}}], "enrichment": {"confidence": 84.0, "confidence_source": "matching", "scores": [{"score": 84.0, "source": "matching"}]}, "original": {"product": "Foxit PDF Reader", "source": "cna", "vendor": "Foxit Software Inc."}, "product": "foxit_reader", "vendor": "foxitsoftware"}], "analysis": {"en": {"generated_at": "2026-04-28T19:47:44.109423+00:00", "value": {"mitigation_remediation": ["Update Foxit PDF Editor and Foxit PDF Reader to the latest patched versions when they become available.", "Avoid opening PDF files from untrusted or unknown sources, and verify file integrity before launching the document.", "Monitor application crashes and alert administrators when an unexpected termination occurs."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Affected products are Foxit PDF Editor and Foxit PDF Reader from Foxit Software Inc. No specific version numbers are available in the current data set.", "description_and_impact": "Insufficient parameter verification in Foxit PDF Editor and Foxit PDF Reader allows a malformed PDF file to trigger format errors, which in turn cause an unhandled std::invalid_argument exception and force the program to terminate. This weakness corresponds to CWE\u2011248 and results in a denial\u2011of\u2011service condition for the user without directly compromising confidentiality or integrity.", "risk_and_exploitability": "The CVSS score of 5.5 represents a medium severity. The EPSS score of less than 1% indicates that exploitation is currently unlikely. The vulnerability is not listed in CISA\u2019s KEV catalog. The most plausible attack vectors involve a remote attacker supplying a crafted PDF file that the user opens with the affected application, triggering the unhandled exception and terminating the program. Because the flaw stems from insufficient input validation, an attacker could trigger the denial\u2011of\u2011service simply by providing an improperly formatted file."}}}}, "created": "2026-04-28T08:30:13.036493+00:00", "updated": "2026-04-28T20:00:19.858831+00:00", "vendors": ["foxitsoftware", "foxitsoftware$PRODUCT$foxit_pdf_editor", "foxitsoftware$PRODUCT$foxit_reader"]}