Cyber Resilience

CVE-2026-5940

High

Published: 27 April 2026

Published
27 April 2026
Modified
29 April 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0001 3.5th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-5940 is a high-severity Use After Free (CWE-416) vulnerability in Foxit Pdf Editor. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 3.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-5940 is a use-after-free vulnerability (CWE-416) affecting Foxit software, as detailed in the vendor's security bulletins. The issue arises when a function that triggers a UI refresh is called after comments are removed via a script, resulting in access to an invalidated object and subsequent program crashes. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and was published on 2026-04-27T12:16:24.377.

The vulnerability can be exploited by a local attacker requiring low complexity and user interaction, but no special privileges. Successful exploitation enables high impacts on confidentiality, integrity, and availability, potentially allowing severe compromise beyond mere crashes.

Foxit's security advisory at https://www.foxit.com/support/security-bulletins.html provides details on patches and mitigation recommendations.

EU & UK References

Vulnerability details

Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Use-after-free in Foxit client software (PDF/JS handling) enables client-side code execution via malicious file triggering the flaw after script-based comment removal and UI refresh.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-5943Same product: Foxit Pdf Editor
CVE-2026-5941Same product: Foxit Pdf Editor
CVE-2026-3777Same product: Foxit Pdf Editor
CVE-2025-32451Same product: Foxit Pdf Reader
CVE-2026-3774Same product: Foxit Pdf Editor
CVE-2026-3775Same product: Foxit Pdf Editor
CVE-2026-34774Shared CWE-416
CVE-2026-34771Shared CWE-416
CVE-2025-13638Shared CWE-416
CVE-2026-6319Shared CWE-416

Affected Assets

foxit
pdf editor
≤ 13.2.4 · 14.0.0 — 14.0.4 · 2023.0.0 — 2026.1.1
foxit
pdf reader
≤ 2026.1.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-2 mandates timely remediation of known flaws, directly addressing this use-after-free vulnerability through application of Foxit vendor patches.

prevent

SI-16 implements memory safeguards like ASLR and DEP that protect against exploitation of use-after-free errors by preventing execution from invalidated memory objects.

prevent

SI-11 provides error and exception handling to mitigate crashes and potential integrity/compromise from accessing invalidated objects post-comment removal.

References