Cyber Resilience

CVE-2026-5943

High

Published: 27 April 2026

Published
27 April 2026
Modified
29 April 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0001 3.5th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-5943 is a high-severity Use After Free (CWE-416) vulnerability in Foxit Pdf Editor. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 3.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-5943 is a use-after-free vulnerability (CWE-416) affecting Foxit software. The flaw arises from document structural anomalies that cause inconsistencies between page element relationships and internal index states. When scripts trigger document modifications, object reference validity is not properly maintained, leading to a crash when accessing an invalid pointer during page information queries.

The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A local attacker requires no privileges and can exploit it with low attack complexity, but user interaction is necessary. By providing a malicious document that a user opens and processes—triggering the script-induced modifications—the attacker can achieve high impacts on confidentiality, integrity, and availability.

Foxit has published security bulletins with details on this issue at https://www.foxit.com/support/security-bulletins.html.

EU & UK References

Vulnerability details

Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information queries.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Use-after-free in client PDF software (Foxit) directly enables exploitation for arbitrary code execution via a malicious document opened by the user.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-5940Same product: Foxit Pdf Editor
CVE-2026-5941Same product: Foxit Pdf Editor
CVE-2026-3777Same product: Foxit Pdf Editor
CVE-2025-32451Same product: Foxit Pdf Reader
CVE-2026-3774Same product: Foxit Pdf Editor
CVE-2026-3775Same product: Foxit Pdf Editor
CVE-2026-34774Shared CWE-416
CVE-2026-34771Shared CWE-416
CVE-2025-13638Shared CWE-416
CVE-2026-6319Shared CWE-416

Affected Assets

foxit
pdf editor
≤ 13.2.4 · 14.0.0 — 14.0.4 · 2023.0.0 — 2026.1.1
foxit
pdf reader
≤ 2026.1.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely identification, reporting, and patching of flaws directly remediates the use-after-free vulnerability in Foxit software, preventing exploitation via malicious documents.

prevent

Memory protection safeguards such as ASLR, DEP, and hardened allocators prevent unauthorized code execution from accessing invalid pointers in use-after-free scenarios.

prevent

Restricting PDF reader functionality to essentials, such as disabling script execution, prevents the document modifications that trigger the object reference inconsistencies.

References