CVE-2026-5939

UAF in Foxit PDF Editor/Reader via XFA calculate event

Description

A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution.

INFO

Published Date :

2026-04-27T11:00:29.102Z

Last Modified :

2026-04-28T12:50:41.920Z

Source :

Foxit

AFFECTED PRODUCTS

The following products are affected by CVE-2026-5939 vulnerability.

Vendors	Products
Foxit	Pdf Editor Pdf Reader
Foxitsoftware	Foxit Pdf Editor Foxit Reader

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-5939.

URL	Resource
https://www.foxit.com/support/security-bulletins.html

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact