CVE-2026-5939 UAF in Foxit PDF Editor/Reader via XFA calculate event

🗓️ 27 Apr 2026 11:00:29Reported by FoxitType

CVE-2026-5939: Crafted XFA PDF triggers a use-after-free in Foxit Editor during calculation, causing crash and code execution.

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2026-5939	27 Apr 202611:00	–	attackerkb
CNNVD	Foxit PDF Reader和Foxit PDF Editor 资源管理错误漏洞	27 Apr 202600:00	–	cnnvd
CVE	CVE-2026-5939	27 Apr 202611:00	–	cve
EUVD	EUVD-2026-25825	27 Apr 202611:00	–	euvd
Tenable Nessus	Foxit PDF Editor < 14.0.4 / 2026.1.1 Multiple Vulnerabilities	27 Apr 202600:00	–	nessus
Tenable Nessus	Foxit PDF Reader < 2026.1.1 Multiple Vulnerabilities	27 Apr 202600:00	–	nessus
NVD	CVE-2026-5939	27 Apr 202612:16	–	nvd
Positive Technologies	PT-2026-35401	27 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-5939	28 Apr 202618:35	–	redhatcve
Vulnrichment	CVE-2026-5939 UAF in Foxit PDF Editor/Reader via XFA calculate event	27 Apr 202611:00	–	vulnrichment

[
  {
    "vendor": "Foxit Software Inc.",
    "product": "Foxit PDF Editor",
    "platforms": [
      "Windows"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "Versions 2026.1 and earlier"
      },
      {
        "status": "affected",
        "version": "Versions 14.0.3 and earlier"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Foxit Software Inc.",
    "product": "Foxit PDF Reader",
    "platforms": [
      "Windows"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "Versions 2026.1 and earlier"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
foxit	www.foxit.com/support/security-bulletins.html

27 Apr 2026 11:00Current

CVSS 3.15.5

EPSS0.00018

CWE-416