CVE-2026-5942: CWE-416 Use after free in Foxit Software Inc. Foxit PDF Editor
CVE-2026-5942 is a use-after-free vulnerability in Foxit PDF Editor affecting versions 2026. 1 and earlier, 14. 0. 3 and earlier, and 13. 2. 3 and earlier. The flaw arises from improper page lifecycle management that causes document structure changes to desynchronize internal component states, leading to operations accessing invalidated objects and crashing the program. The vulnerability has a CVSS score of 5. 5 (medium severity) and impacts availability without compromising confidentiality or integrity. The product is a cloud service, and the vendor manages remediation server-side.
AI Analysis
Technical Summary
CVE-2026-5942 is a use-after-free vulnerability (CWE-416) in Foxit PDF Editor's page lifecycle management. Changes to document structure can cause internal component states to become desynchronized, resulting in subsequent operations accessing freed memory objects. This leads to program crashes, impacting availability. The vulnerability affects multiple versions of Foxit PDF Editor, including 2026.1 and earlier, 14.0.3 and earlier, and 13.2.3 and earlier. The CVSS 3.1 base score is 5.5, reflecting a medium severity with local attack vector, low complexity, no privileges required, user interaction needed, and impact limited to availability. The product is cloud-hosted, and the vendor manages remediation. No public exploits are known.
Potential Impact
The vulnerability causes application crashes due to use-after-free conditions, impacting availability of the Foxit PDF Editor service. There is no impact on confidentiality or integrity according to the CVSS vector. No known exploitation in the wild has been reported.
Mitigation Recommendations
Since Foxit PDF Editor is a cloud service, the vendor manages remediation server-side. A patch is available, and users should ensure they are using the latest version as updated by the vendor. Check the vendor advisory for confirmation and further guidance. No additional user action is required beyond ensuring the service is up to date.
CVE-2026-5942: CWE-416 Use after free in Foxit Software Inc. Foxit PDF Editor
Description
CVE-2026-5942 is a use-after-free vulnerability in Foxit PDF Editor affecting versions 2026. 1 and earlier, 14. 0. 3 and earlier, and 13. 2. 3 and earlier. The flaw arises from improper page lifecycle management that causes document structure changes to desynchronize internal component states, leading to operations accessing invalidated objects and crashing the program. The vulnerability has a CVSS score of 5. 5 (medium severity) and impacts availability without compromising confidentiality or integrity. The product is a cloud service, and the vendor manages remediation server-side.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-5942 is a use-after-free vulnerability (CWE-416) in Foxit PDF Editor's page lifecycle management. Changes to document structure can cause internal component states to become desynchronized, resulting in subsequent operations accessing freed memory objects. This leads to program crashes, impacting availability. The vulnerability affects multiple versions of Foxit PDF Editor, including 2026.1 and earlier, 14.0.3 and earlier, and 13.2.3 and earlier. The CVSS 3.1 base score is 5.5, reflecting a medium severity with local attack vector, low complexity, no privileges required, user interaction needed, and impact limited to availability. The product is cloud-hosted, and the vendor manages remediation. No public exploits are known.
Potential Impact
The vulnerability causes application crashes due to use-after-free conditions, impacting availability of the Foxit PDF Editor service. There is no impact on confidentiality or integrity according to the CVSS vector. No known exploitation in the wild has been reported.
Mitigation Recommendations
Since Foxit PDF Editor is a cloud service, the vendor manages remediation server-side. A patch is available, and users should ensure they are using the latest version as updated by the vendor. Check the vendor advisory for confirmation and further guidance. No additional user action is required beyond ensuring the service is up to date.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Foxit
- Date Reserved
- 2026-04-09T03:42:17.871Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Is Cloud Service
- true
Threat ID: 69ef48cfba26a39fba1d6dc8
Added to database: 4/27/2026, 11:30:23 AM
Last enriched: 4/27/2026, 11:45:49 AM
Last updated: 4/27/2026, 1:56:19 PM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.