ZDI 2026-04-27

ZDI-26-303: Foxit PDF Reader AcroForm Signature Use-After-Free Information Disclosure Vulnerability

CVE-2026-5942

Machine-generated analysis · WAYSCloud LLM

This vulnerability enables information disclosure via a malicious PDF file. The assigned CVSS score of 3.3 indicates a low severity rating.

Context

The vulnerability affects Foxit PDF Reader's AcroForm signature handling. The source describes a use-after-free condition that can lead to information disclosure. User interaction is required, as exploitation depends on opening a malicious file or visiting a malicious page.

Operator considerations

The source does not provide enough basis for specific operator guidance.

From Zero Day Initiative ↗

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2026-5942.

Read the full advisory on ZDI →