HIGHCVE-2026-5940Published Modified CNA Foxit
CVE-2026-5940: Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability
Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes.
Metrics
- CVSS v3.1
- 7.8
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 2
Affected packages
- Foxit Software Inc. / Foxit PDF EditorVersions 2026.1 and earlier · Versions 14.0.3 and earlier · Versions 13.2.3 and earlier
- Foxit Software Inc. / Foxit PDF ReaderVersions 2026.1 and earlier
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences