{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5939", "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2", "state": "PUBLISHED", "assignerShortName": "Foxit", "dateReserved": "2026-04-09T03:42:09.733Z", "datePublished": "2026-04-27T11:00:29.102Z", "dateUpdated": "2026-04-28T12:50:41.920Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "14984358-7092-470d-8f34-ade47a7658a2", "shortName": "Foxit", "dateUpdated": "2026-04-27T11:00:29.102Z"}, "title": "UAF in Foxit PDF Editor/Reader via XFA calculate event", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-416", "description": "CWE-416 Use after free", "type": "CWE"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "Potential arbitrary code execution"}]}], "affected": [{"vendor": "Foxit Software Inc.", "product": "Foxit PDF Editor", "platforms": ["Windows"], "versions": [{"status": "affected", "version": "Versions 2026.1 and earlier"}, {"status": "affected", "version": "Versions 14.0.3 and earlier"}], "defaultStatus": "unaffected"}, {"vendor": "Foxit Software Inc.", "product": "Foxit PDF Reader", "platforms": ["Windows"], "versions": [{"status": "affected", "version": "Versions 2026.1 and earlier"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution."}]}], "references": [{"url": "https://www.foxit.com/support/security-bulletins.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}}], "credits": [{"lang": "en", "value": "Haein Lee from KAIST Hacking Lab", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-28T03:55:25.421518Z", "id": "CVE-2026-5939", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T12:50:41.920Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5939", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-28T03:55:25.421518Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T13:40:21.534Z"}}], "cna": {"title": "UAF in Foxit PDF Editor/Reader via XFA calculate event", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Haein Lee from KAIST Hacking Lab"}], "impacts": [{"descriptions": [{"lang": "en", "value": "Potential arbitrary code execution"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Foxit Software Inc.", "product": "Foxit PDF Editor", "versions": [{"status": "affected", "version": "Versions 2026.1 and earlier"}, {"status": "affected", "version": "Versions 14.0.3 and earlier"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}, {"vendor": "Foxit Software Inc.", "product": "Foxit PDF Reader", "versions": [{"status": "affected", "version": "Versions 2026.1 and earlier"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.foxit.com/support/security-bulletins.html"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution.", "supportingMedia": [{"type": "text/html", "value": "A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use after free"}]}], "providerMetadata": {"orgId": "14984358-7092-470d-8f34-ade47a7658a2", "shortName": "Foxit", "dateUpdated": "2026-04-27T11:00:29.102Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5939", "state": "PUBLISHED", "dateUpdated": "2026-04-27T13:43:38.558Z", "dateReserved": "2026-04-09T03:42:09.733Z", "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2", "datePublished": "2026-04-27T11:00:29.102Z", "assignerShortName": "Foxit"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C4B8779-474C-43FC-B02E-3754BFAB2432", "versionEndExcluding": "14.0.4", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3D204C5-D29B-4341-B48E-6F634E41126E", "versionEndExcluding": "2026.1.1", "versionStartIncluding": "2023.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*", "matchCriteriaId": "C18DA4A1-62E6-4734-840D-B5280B765A9E", "versionEndExcluding": "2026.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution."}], "id": "CVE-2026-5939", "lastModified": "2026-04-29T17:28:10.207", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "14984358-7092-470d-8f34-ade47a7658a2", "type": "Secondary"}]}, "published": "2026-04-27T12:16:24.263", "references": [{"source": "14984358-7092-470d-8f34-ade47a7658a2", "tags": ["Vendor Advisory"], "url": "https://www.foxit.com/support/security-bulletins.html"}], "sourceIdentifier": "14984358-7092-470d-8f34-ade47a7658a2", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "14984358-7092-470d-8f34-ade47a7658a2", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["windows"], "status": "affected", "versions": {"scheme": "calver", "value": "[0,2026.1]"}}, {"platform": ["windows"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,14.0.3]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 98.0, "source": "matching"}]}, "original": {"product": "Foxit PDF Editor", "source": "cna", "vendor": "Foxit Software Inc."}, "product": "foxit_pdf_editor", "vendor": "foxitsoftware"}, {"configurations": [{"platform": ["windows"], "status": "affected", "versions": {"scheme": "calver", "value": "[0,2026.1]"}}], "enrichment": {"confidence": 91.0, "confidence_source": "matching", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 91.0, "source": "matching"}]}, "original": {"product": "Foxit PDF Reader", "source": "cna", "vendor": "Foxit Software Inc."}, "product": "foxit_reader", "vendor": "foxitsoftware"}], "analysis": {"en": {"generated_at": "2026-04-28T19:47:59.343021+00:00", "value": {"mitigation_remediation": ["Verify whether a security patch or update has been released for Foxit PDF Editor or Reader on the Foxit support site and install it promptly.", "If no patch is available, disable XFA form support in the PDF viewer settings to prevent triggering the vulnerability.", "As an alternative, use a PDF viewer that does not support XFA, such as a mainstream browser or other PDF reader, until a vendor fix is released.", "Regularly monitor the Foxit support bulletins and security advisories for updates to this issue."], "summary": {"action": "Check for Patch", "impact": "Arbitrary code execution via use\u2011after\u2011free"}, "threat_synthesis": {"affected_systems": "The affected products are Foxit PDF Editor and Foxit PDF Reader produced by Foxit Software Inc. Specific version information was not disclosed; therefore all released versions of these applications are considered vulnerable until an official fix is released.", "description_and_impact": "A crafted PDF that contains an XFA form can trigger a use\u2011after\u2011free condition during the calculate event handling in Foxit PDF Editor or Foxit PDF Reader. The flaw causes the application to crash and allows arbitrary code execution, enabling the attacker to run arbitrary programs with the privileges of the user launching the file. This vulnerability is a classic use\u2011after\u2011free error (CWE\u2011416).", "risk_and_exploitability": "The CVSS v3.1 score of 5.5 indicates a moderate severity attack. The EPSS score of less than 1% suggests a low likelihood of exploitation at the time of this analysis, and the vulnerability is not listed in CISA\u2019s KEV catalog. The likely attack vector is local: an attacker must supply a malicious PDF to a user who opens or views the file. If the user opens a crafted PDF, the application will crash and can execute arbitrary code, potentially compromising the user\u2019s system."}}}}, "created": "2026-04-28T08:30:13.039994+00:00", "updated": "2026-04-28T20:00:19.863749+00:00", "vendors": ["foxitsoftware", "foxitsoftware$PRODUCT$foxit_pdf_editor", "foxitsoftware$PRODUCT$foxit_reader"]}