Parsing Logic Flaws in Foxit's PDF Processing Software
CVE-2026-5941

7.8 HIGH

Key Information:

Vendor: Foxit Inc.
CVE Published: 27 April 2026

What is CVE-2026-5941?

A vulnerability exists in Foxit's PDF processing software where parsing logic flaws can cause the software to misidentify non-signature data as valid signatures. This issue primarily arises during the handling of malformed form field hierarchies, potentially resulting in invalid memory writes and subsequent program crashes during the construction of internal data structures. Users are advised to monitor their software versions and apply updates as necessary to mitigate risks.

Affected Version(s)

Foxit PDF Editor Windows Versions 2026.1 and earlier

Foxit PDF Editor Windows Versions 14.0.3 and earlier

Foxit PDF Reader Windows Versions 2026.1 and earlier

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Anonymous working with TrendAI Zero Day Initiative.