Foxit PDF Editor/Reader AcroForm Signature Remote Code Execution Vulnerability

7.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction.

Basic Information

ID CVE-2026-5941

Source Foxit

Published Apr 27, 2026 at 11:00

Affected Product

Vendor Foxit Software Inc.

Product Foxit PDF Editor

Version Versions 2026.1 and earlier

Affected Versions Foxit Software Inc. Foxit PDF Editor Versions 2026.1 and earlier
Foxit Software Inc. Foxit PDF Editor Versions 14.0.3 and earlier
Foxit Software Inc. Foxit PDF Reader Versions 2026.1 and earlier

CWE Classification

CWE-20

References

www.foxit.com /support/security-bulletins.html

{
    "lastseen": "",
    "description": "Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction.",
    "published": "2026-04-27T11:00:25.495Z",
    "modified": "2026-04-27T11:00:25.495Z",
    "type": "cve",
    "title": "Foxit PDF Editor/Reader AcroForm Signature Remote Code Execution Vulnerability",
    "source": "Foxit",
    "references": "https://www.foxit.com/support/security-bulletins.html",
    "id": "CVE-2026-5941",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "Foxit Software Inc. Foxit PDF Editor Versions 2026.1 and earlier\nFoxit Software Inc. Foxit PDF Editor Versions 14.0.3 and earlier\nFoxit Software Inc. Foxit PDF Reader Versions 2026.1 and earlier",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Foxit PDF Editor",
    "version": "Versions 2026.1 and earlier",
    "vendor": "Foxit Software Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Foxit PDF Editor/Reader AcroForm Signature Remote Code Execution Vulnerability_CVE-2026-5941