CVE-2026-5943 HIGH

CVE-2026-5943: Foxit PDF Editor/Reader AcroForm Annotation Use-After-Free Remote Code Execution Vulnerability

Vendor Foxit Software Inc.
Product Foxit PDF Editor
Weakness CWE-416
Published April 27, 2026
Last update April 28, 2026

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information queries.

Key dates

02Disclosure timeline

April 27, 2026 CVE published
April 28, 2026 Record updated