HIGHCVE-2026-5941Published 2026-04-27Modified 2026-04-28CNA Foxit

CVE-2026-5941: Foxit PDF Editor/Reader AcroForm Signature Remote Code Execution Vulnerability

Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction.

CVSS v3.1: 7.8
Severity: HIGH
Fixed in: —
Affected Products: 2

Affected packages

Foxit Software Inc. / Foxit PDF Editor
Versions 2026.1 and earlier · Versions 14.0.3 and earlier
Foxit Software Inc. / Foxit PDF Reader
Versions 2026.1 and earlier

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

foxit.com

Metrics