Server-Side Request Forgery Vulnerability in Foxit Software Products
CVE-2026-5936

8.5 HIGH

Key Information:

Vendor: Foxit Inc.
CVE Published: 13 April 2026

What is CVE-2026-5936?

A security flaw in Foxit software allows attackers to manipulate server-side HTTP requests via a specially crafted URL. This capability permits the server to send requests to arbitrary external destinations. Attackers may exploit this to investigate internal network services, gain unintended access to previously restricted endpoints, such as cloud metadata services, or circumvent network access controls. These actions can lead to unauthorized information disclosure and pose risks to the security of the overall internal environment.

Affected Version(s)

Foxit PDF Services API before 2026-04-07

CVSS V3.1

Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Vedant Roy of Ultimate Kronos Group (UKG).