Cyber Resilience

CVE-2026-5941

Severity: High

Published: 27 April 2026
Modified: 29 April 2026
KEV Added: not listed
CVSS Score (v3.1): 7.8, vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score: 0.0003 (9.8th percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-5941 is a high-severity Improper Input Validation (CWE-20) vulnerability in Foxit Pdf Editor. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks at the 9.8th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-5941 is a vulnerability in Foxit software arising from parsing logic flaws that cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies. This misidentification triggers invalid memory writes and program crashes during internal data structure construction. The issue is associated with CWE-20 (Improper Input Validation) and has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). It was published on 2026-04-27.

The attack requires local access, low complexity, no privileges, and user interaction. A local attacker could exploit this by supplying malformed input, such as crafted form field hierarchies in a document processed by the affected Foxit component. Successful exploitation leads to high-impact confidentiality, integrity, and availability effects, manifesting as program crashes from invalid memory writes and potentially enabling broader memory corruption.

Mitigation details are available in the Foxit security bulletin at https://www.foxit.com/support/security-bulletins.html. Security practitioners should consult this advisory for patching instructions and workarounds specific to affected Foxit products.

Vulnerability details

Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction.

CWE(s)

CWE-20 Improper Input Validation

Related Threats

MITRE ATT&CK Enterprise Techniques

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

The vulnerability is a client-side parsing flaw in Foxit software that enables exploitation for code execution via crafted malicious documents (memory corruption from invalid input validation).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2026-5940: same product (Foxit Pdf Editor)
- CVE-2026-5943: same product (Foxit Pdf Editor)
- CVE-2025-32451: same product (Foxit Pdf Reader)
- CVE-2026-3774: same product (Foxit Pdf Editor)
- CVE-2026-3775: same product (Foxit Pdf Editor)
- CVE-2025-12907: shared CWE-20
- CVE-2026-5915: shared CWE-20
- CVE-2026-9969: shared CWE-20
- CVE-2026-3777: same product (Foxit Pdf Editor)
- CVE-2025-43234: shared CWE-20

Affected Assets

| Vendor | Product | Affected versions |
|---|---|---|
| foxit | pdf editor | 14.0.0 to 14.0.4; 2023.0.0 to 2026.1.1 |
| foxit | pdf reader | ≤ 2026.1.1 |
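As an added example (not part of this advisory page, and not Foxit's own tooling), the following Python script maps an installed-version inventory against the affected version ranges listed above so that a defender can find hosts that still need the vendor patch. The inventory lines and host names are constructed sample data, and the assumption that every upper bound is inclusive follows the page's "≤" and range notation.

```python
"""Flag installed Foxit versions that fall inside the affected ranges
listed for CVE-2026-5941 (ranges as published on the advisory page;
the inventory below is constructed sample data, not real hosts)."""
from __future__ import annotations

# Affected ranges from the page: (lower bound inclusive, upper bound inclusive).
# A lower bound of None means "every version up to and including the upper bound".
AFFECTED_RANGES: dict[str, list[tuple[str | None, str]]] = {
    "pdf editor": [("14.0.0", "14.0.4"), ("2023.0.0", "2026.1.1")],
    "pdf reader": [(None, "2026.1.1")],
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn a dotted version string into a tuple of ints.
    Non-numeric components raise ValueError so that bad inventory data
    is surfaced for review instead of being treated as unaffected."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts


def _pad(a: tuple[int, ...], b: tuple[int, ...]) -> tuple[tuple[int, ...], tuple[int, ...]]:
    """Right-pad both tuples with zeros so "14.0" compares equal to "14.0.0"."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def is_affected(product: str, version: str) -> bool:
    """True when the given product/version lies inside an affected range."""
    v = parse_version(version)
    for low, high in AFFECTED_RANGES.get(product.strip().lower(), []):
        vv, hh = _pad(v, parse_version(high))
        if vv > hh:
            continue  # newer than the range's upper bound
        if low is not None:
            vv, ll = _pad(v, parse_version(low))
            if vv < ll:
                continue  # older than the range's lower bound
        return True
    return False


# Constructed inventory in "hostname,product,version" form (sample data only).
SAMPLE_INVENTORY = """\
ws-01,pdf editor,14.0.2
ws-02,pdf editor,14.0.5
ws-03,pdf editor,2025.2.0
ws-04,pdf editor,2026.1.2
ws-05,pdf reader,2024.3.0
ws-06,pdf reader,2026.1.2
ws-07,pdf editor,13.1.0
"""


def find_affected_hosts(inventory_csv: str) -> list[str]:
    """Return the hosts whose installed version is affected; hosts with an
    unparseable version are also returned, marked for manual review."""
    hosts: list[str] = []
    for line in inventory_csv.splitlines():
        if not line.strip():
            continue
        host, product, version = (f.strip() for f in line.split(",", 2))
        try:
            if is_affected(product, version):
                hosts.append(host)
        except ValueError:
            hosts.append(f"{host} (unparseable version {version!r})")
    return hosts


if __name__ == "__main__":
    for host in find_affected_hosts(SAMPLE_INVENTORY):
        print("needs patch:", host)
```

Versions are compared component-wise after zero-padding, so an inventory that records "14.0" is treated as 14.0.0 and still matches the 14.0.0 to 14.0.4 range rather than slipping past it.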

Mitigating Controls (NIST 800-53 r5)

- SI-10 Information Input Validation (prevent): directly addresses the improper input validation (CWE-20) flaw causing misidentification of non-signature data in malformed form field hierarchies.
- SI-16 Memory Protection (prevent): prevents invalid memory writes and subsequent program crashes during internal data structure construction triggered by parsing flaws.
- Flaw remediation (prevent): ensures timely remediation through patching of the specific parsing logic vulnerability as detailed in the Foxit security bulletin.