CVE-2026-5939

· NIST NVD ↗

A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution.

MEDIUM
CVSS severity
5.5
CVSS base score
2026-04-27
Published

CWE codes

CWE-416

Affected products

foxit:pdf_editorfoxit:pdf_reader

Sources