CVE-2026-5939

A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution.

medium 5.5 CVSS 3.1

Published: Apr 27, 2026

Modified: Apr 27, 2026

Description

References

https://www.foxit.com/support/security-bulletins.html

Version	3.1
Score	5.5 / 10
Severity	medium