CVE-2026-5941 HIGH

CVE-2026-5941: Foxit PDF Editor/Reader AcroForm Signature Remote Code Execution Vulnerability

Vendor Foxit Software Inc.
Product Foxit PDF Editor
Weakness CWE-20 · Input validation
Published April 27, 2026
Last update April 28, 2026

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction.

Key dates

02Disclosure timeline

April 27, 2026 CVE published
April 28, 2026 Record updated