{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5943", "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2", "state": "PUBLISHED", "assignerShortName": "Foxit", "dateReserved": "2026-04-09T03:42:20.240Z", "datePublished": "2026-04-27T11:00:31.554Z", "dateUpdated": "2026-04-28T03:55:23.507Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "14984358-7092-470d-8f34-ade47a7658a2", "shortName": "Foxit", "dateUpdated": "2026-04-27T11:00:31.554Z"}, "title": "Foxit PDF Editor/Reader AcroForm Annotation Use-After-Free Remote Code Execution Vulnerability", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-416", "description": "CWE-416 Use after free", "type": "CWE"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "Potential arbitrary code execution"}]}], "affected": [{"vendor": "Foxit Software Inc.", "product": "Foxit PDF Editor", "platforms": ["Windows"], "versions": [{"status": "affected", "version": "Versions 2026.1 and earlier"}, {"status": "affected", "version": "Versions 14.0.3 and earlier"}, {"status": "affected", "version": "Versions 13.2.3 and earlier"}], "defaultStatus": "unaffected"}, {"vendor": "Foxit Software Inc.", "product": "Foxit PDF Reader", "versions": [{"status": "affected", "version": "Versions 2026.1 and earlier"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information queries.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information queries."}]}], "references": [{"url": "https://www.foxit.com/support/security-bulletins.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "Anonymous working with TrendAI Zero Day Initiative", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-27T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-5943"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T03:55:23.507Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5943", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-27T13:38:05.690675Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T13:40:20.491Z"}}], "cna": {"title": "Foxit PDF Editor/Reader AcroForm Annotation Use-After-Free Remote Code Execution Vulnerability", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Anonymous working with TrendAI Zero Day Initiative"}], "impacts": [{"descriptions": [{"lang": "en", "value": "Potential arbitrary code execution"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Foxit Software Inc.", "product": "Foxit PDF Editor", "versions": [{"status": "affected", "version": "Versions 2026.1 and earlier"}, {"status": "affected", "version": "Versions 14.0.3 and earlier"}, {"status": "affected", "version": "Versions 13.2.3 and earlier"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}, {"vendor": "Foxit Software Inc.", "product": "Foxit PDF Reader", "versions": [{"status": "affected", "version": "Versions 2026.1 and earlier"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.foxit.com/support/security-bulletins.html"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information queries.", "supportingMedia": [{"type": "text/html", "value": "Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information queries.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use after free"}]}], "providerMetadata": {"orgId": "14984358-7092-470d-8f34-ade47a7658a2", "shortName": "Foxit", "dateUpdated": "2026-04-27T11:00:31.554Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5943", "state": "PUBLISHED", "dateUpdated": "2026-04-28T03:55:23.507Z", "dateReserved": "2026-04-09T03:42:20.240Z", "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2", "datePublished": "2026-04-27T11:00:31.554Z", "assignerShortName": "Foxit"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "388A59F0-28A7-436B-BC75-C77E58F4ECDE", "versionEndExcluding": "13.2.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C4B8779-474C-43FC-B02E-3754BFAB2432", "versionEndExcluding": "14.0.4", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3D204C5-D29B-4341-B48E-6F634E41126E", "versionEndExcluding": "2026.1.1", "versionStartIncluding": "2023.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*", "matchCriteriaId": "C18DA4A1-62E6-4734-840D-B5280B765A9E", "versionEndExcluding": "2026.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information queries."}], "id": "CVE-2026-5943", "lastModified": "2026-04-29T17:18:04.043", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "14984358-7092-470d-8f34-ade47a7658a2", "type": "Secondary"}]}, "published": "2026-04-27T12:16:24.717", "references": [{"source": "14984358-7092-470d-8f34-ade47a7658a2", "tags": ["Vendor Advisory"], "url": "https://www.foxit.com/support/security-bulletins.html"}], "sourceIdentifier": "14984358-7092-470d-8f34-ade47a7658a2", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "14984358-7092-470d-8f34-ade47a7658a2", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,2026.1]"}}, {"platform": ["windows"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,14.0.3]"}}, {"platform": ["windows"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,13.2.3]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 98.0, "source": "matching"}]}, "original": {"product": "Foxit PDF Editor", "source": "cna", "vendor": "Foxit Software Inc."}, "product": "foxit_pdf_editor", "vendor": "foxitsoftware"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2026.1]"}}], "enrichment": {"confidence": 91.0, "confidence_source": "matching", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 91.0, "source": "matching"}]}, "original": {"product": "Foxit PDF Reader", "source": "cna", "vendor": "Foxit Software Inc."}, "product": "foxit_reader", "vendor": "foxitsoftware"}], "analysis": {"en": {"generated_at": "2026-04-28T04:32:33.509129+00:00", "value": {"mitigation_remediation": ["Apply the latest Foxit PDF Editor/Reader patch once available and install any interim security updates.", "Disable or limit JavaScript execution in PDF settings to prevent script-triggered modifications; consider turning off AcroForm processing if not required.", "If a patch is not yet available, isolate PDF handling applications in a sandboxed environment and only open documents from trusted sources.", "Employ a PDF scanner or sandbox that detects anomalies in page structures before rendering, providing an additional layer of defense."], "summary": {"action": "Patch Immediately", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Foxit Software Inc.'s products affected are Foxit PDF Editor and Foxit PDF Reader. No specific version information is listed, implying that all releases that support AcroForm annotation processing are susceptible. This includes both the free and paid editions distributed through the Foxit support portal.", "description_and_impact": "The vulnerability arises from inconsistencies between page element relationships and internal indexing in Foxit PDF Editor and Reader. When a PDF containing script-initiated modifications is opened, object references can become invalid while page metadata queries continue, leading to a use\u2011after\u2011free that can trigger a crash. According to the CVE title, an attacker may be able to coerce the application into executing arbitrary code, although the raw description only documents a crash.", "risk_and_exploitability": "The CVSS score of 7.8 reflects a high severity. The EPSS score of less than 1 percent suggests that exploitation is currently unlikely but not impossible. The vulnerability is not in CISA's KEV catalog, and no official patch is listed, so users should proceed with caution. The most likely attack vector is delivery through a malicious PDF document that a user opens locally or via email, which could trigger the use\u2011after\u2011free and potentially lead to malicious code execution if an attacker crafts a payload to exploit the crash."}}}}, "created": "2026-04-28T04:45:22.542873+00:00", "updated": "2026-04-28T08:30:13.039326+00:00", "vendors": ["foxitsoftware", "foxitsoftware$PRODUCT$foxit_pdf_editor", "foxitsoftware$PRODUCT$foxit_reader"]}