CVE-2026-5939

Summary

A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution.

Affected Software

VendorProductVersion RangeStatus
Foxit Software Inc.Foxit PDF EditorVersions 2026.1 and earlieraffected
Foxit Software Inc.Foxit PDF EditorVersions 14.0.3 and earlieraffected
Foxit Software Inc.Foxit PDF ReaderVersions 2026.1 and earlieraffected

Weaknesses

  • CWE-416: CWE-416 Use after free

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References