CVE-2026-5940

Summary

Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes.

Affected Software

VendorProductVersion RangeStatus
Foxit Software Inc.Foxit PDF EditorVersions 2026.1 and earlieraffected
Foxit Software Inc.Foxit PDF EditorVersions 14.0.3 and earlieraffected
Foxit Software Inc.Foxit PDF EditorVersions 13.2.3 and earlieraffected
Foxit Software Inc.Foxit PDF ReaderVersions 2026.1 and earlieraffected

Weaknesses

  • CWE-416: CWE-416 Use after free

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References