CVE-2026-5943
Published: 27 April 2026
Summary
CVE-2026-5943 is a high-severity Use After Free (CWE-416) vulnerability in Foxit PDF Editor. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); it ranks at the 2.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) (AI)
- SI-2 (Flaw Remediation): Timely identification, reporting, and patching of flaws directly remediates the use-after-free vulnerability in Foxit software, preventing exploitation via malicious documents.
- SI-16 (Memory Protection): Memory protection safeguards such as ASLR, DEP, and hardened allocators make it harder to turn an invalid-pointer access in a use-after-free scenario into unauthorized code execution.
- Least functionality: Restricting PDF reader functionality to essentials, such as disabling script execution, prevents the script-driven document modifications that trigger the object reference inconsistencies.
MITRE ATT&CK Enterprise Techniques (AI)
- Exploitation for Client Execution (T1203)
Why these techniques?
Use-after-free in client PDF software (Foxit) directly enables exploitation for arbitrary code execution via a malicious document opened by the user.
NVD Description
Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information queries.
Deeper analysis (AI)
CVE-2026-5943 is a use-after-free vulnerability (CWE-416) affecting Foxit software. The flaw arises from document structural anomalies that cause inconsistencies between page element relationships and internal index states. When scripts trigger document modifications, object reference validity is not properly maintained, leading to a crash when accessing an invalid pointer during page information queries.
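As an added illustration (not Foxit's code and not an analysis of its internals), the following C sketch models the failure mode the description points at: a page reference held across a script-triggered document modification must be re-validated before a page-information query dereferences it. The slot table, handle layout and page fields are assumptions made for the demonstration.

```c
#include <stdlib.h>

/* Illustration added here (not Foxit's code): pages live in a slot table that
 * scripts can modify. A page reference held across such a modification must be
 * re-validated, so each slot carries a generation counter and a handle is the
 * pair (slot, generation). All names and sizes are assumptions for the demo. */
#define MAX_PAGES 8

typedef struct { int number; int width; int height; } Page;

typedef struct {
    Page *pages[MAX_PAGES];         /* NULL when the slot is free                */
    unsigned generation[MAX_PAGES]; /* incremented each time a slot changes hands */
} Document;

typedef struct { int slot; unsigned generation; } PageHandle;

/* Hardened page-information query: a stale handle returns NULL instead of a
 * dangling or recycled pointer (the weak form just returns pages[h.slot]). */
const Page *doc_lookup(const Document *doc, PageHandle h) {
    if (h.slot < 0 || h.slot >= MAX_PAGES) return NULL;
    if (doc->pages[h.slot] == NULL) return NULL;
    if (doc->generation[h.slot] != h.generation) return NULL;
    return doc->pages[h.slot];
}

/* Insert a page into the first free slot and hand back a validated handle. */
PageHandle doc_add_page(Document *doc, int number, int width, int height) {
    for (int i = 0; i < MAX_PAGES; i++) {
        if (doc->pages[i] != NULL) continue;
        Page *p = malloc(sizeof *p);
        if (p == NULL) break;
        p->number = number; p->width = width; p->height = height;
        doc->pages[i] = p;
        doc->generation[i]++;           /* new occupant, new generation */
        return (PageHandle){ i, doc->generation[i] };
    }
    return (PageHandle){ -1, 0 };       /* table full or allocation failed */
}

/* Script-triggered modification: free the page and retire its slot. A stale
 * handle is rejected by the same check, so it cannot free the new occupant. */
void doc_delete_page(Document *doc, PageHandle h) {
    if (doc_lookup(doc, h) == NULL) return;
    free(doc->pages[h.slot]);
    doc->pages[h.slot] = NULL;
    doc->generation[h.slot]++;          /* every outstanding handle is now stale */
}
```

The point of the generation check is that reusing a slot after a deletion does not resurrect an old reference: the stale handle keeps failing even though the slot index is valid again.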
The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A local attacker requires no privileges and can exploit it with low attack complexity, but user interaction is necessary. By providing a malicious document that a user opens and processes—triggering the script-induced modifications—the attacker can achieve high impacts on confidentiality, integrity, and availability.
Foxit has published security bulletins with details on this issue at https://www.foxit.com/support/security-bulletins.html.
Details
- CWE(s): CWE-416 (Use After Free)