CVE-2026-3776 Null pointer dereference in Foxit PDF Editor/Reader when accessing stamp annotation

🗓️ 01 Apr 2026 01:40:35Reported by FoxitType

CVE-2026-3776: Foxit Editor/Reader dereferences missing stamp appearance data, null pointer crash.

Reporter	Title	Published	Views	Family All 15
ATTACKERKB	CVE-2026-3776	1 Apr 202601:40	–	attackerkb
Circl	CVE-2026-3776	30 Mar 202617:00	–	circl
CNNVD	Foxit PDF Reader和Foxit PDF Editor 安全漏洞	1 Apr 202600:00	–	cnnvd
CVE	CVE-2026-3776	1 Apr 202601:40	–	cve
EUVD	EUVD-2026-17753	1 Apr 202603:31	–	euvd
Tenable Nessus	Foxit PDF Editor < 13.2.3 Multiple Vulnerabilities	31 Mar 202600:00	–	nessus
Tenable Nessus	Foxit PDF Editor < 14.0.3 Multiple Vulnerabilities	31 Mar 202600:00	–	nessus
Tenable Nessus	Foxit PDF Editor < 2026.1 Multiple Vulnerabilities	31 Mar 202600:00	–	nessus
Tenable Nessus	Foxit PDF Reader < 2026.1 Multiple Vulnerabilities	31 Mar 202600:00	–	nessus
Tenable Nessus	Foxit PDF Editor for Mac < 13.2.3 / 14.0.3 / 2026.1 Multiple Vulnerabilities	31 Mar 202600:00	–	nessus

[
  {
    "vendor": "Foxit Software Inc.",
    "product": "Foxit PDF Editor",
    "platforms": [
      "Windows",
      "MacOS"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "Versions 2025.3 and earlier"
      },
      {
        "status": "affected",
        "version": "Versions 14.0.2 and earlier"
      },
      {
        "status": "affected",
        "version": "Versions 13.2.2 and earlier"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Foxit Software Inc.",
    "product": "Foxit PDF Reader",
    "platforms": [
      "Windows",
      "MacOS"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "Versions 2025.3 and earlier"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
foxit	www.foxit.com/support/security-bulletins.html

02 Apr 2026 02:12Current

CVSS 3.15.5

EPSS0.00017

CWE-476