Cyber Posture

CVE-2026-5941

Severity: High
Published: 27 April 2026
Modified: 29 April 2026
KEV Added: not listed
Patch: see the Foxit security bulletin
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0003 (8.5th percentile)
Risk Priority: 16 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-5941 is a high-severity Improper Input Validation (CWE-20) vulnerability in Foxit PDF Editor. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). EPSS ranks it at the 8.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI-generated]

SI-10 (Information Input Validation) · prevent
Directly addresses the improper input validation (CWE-20) flaw that causes non-signature data to be misidentified in malformed form field hierarchies.

SI-16 (Memory Protection) · prevent
Prevents the invalid memory writes and subsequent program crashes that occur during internal data structure construction when the parsing flaw is triggered.

SI-2 (Flaw Remediation; control identifier inferred from the description, not stated on the page) · prevent
Ensures timely flaw remediation by patching the specific parsing logic vulnerability as detailed in the Foxit security bulletin.

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

The vulnerability is a client-side parsing flaw in Foxit software that enables exploitation for code execution via crafted malicious documents (memory corruption resulting from improper input validation).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction.

Deeper analysis [AI-generated]

CVE-2026-5941 is a vulnerability in Foxit software arising from parsing logic flaws that cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies. This misidentification triggers invalid memory writes and program crashes during internal data structure construction. The issue is associated with CWE-20 (Improper Input Validation) and has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). It was published on 2026-04-27.

The attack requires local access, low complexity, no privileges, and user interaction. A local attacker could exploit this by supplying malformed input, such as crafted form field hierarchies in a document processed by the affected Foxit component. Successful exploitation leads to high-impact confidentiality, integrity, and availability effects, manifesting as program crashes from invalid memory writes and potentially enabling broader memory corruption.

Mitigation details are available in the Foxit security bulletin at https://www.foxit.com/support/security-bulletins.html. Security practitioners should consult this advisory for patching instructions and workarounds specific to affected Foxit products.

Details

CWE(s)

CWE-20 (Improper Input Validation)

Affected Products

Foxit PDF Editor: 14.0.0 — 14.0.4 · 2023.0.0 — 2026.1.1
Foxit PDF Reader: ≤ 2026.1.1

CVEs Like This One

CVE-2026-5943 · Same product: Foxit PDF Editor
CVE-2026-5940 · Same product: Foxit PDF Editor
CVE-2025-32451 · Same product: Foxit PDF Reader
CVE-2026-3774 · Same product: Foxit PDF Editor
CVE-2026-3775 · Same product: Foxit PDF Editor
CVE-2026-5915 · Shared CWE-20
CVE-2025-6558 · Shared CWE-20
CVE-2025-43234 · Shared CWE-20
CVE-2026-3777 · Same product: Foxit PDF Editor
CVE-2025-12907 · Shared CWE-20

References