Description
Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service.
Published: 2026-04-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

Improper control flow management allows a crafted document action chain to trigger modal dialog reentry on the main thread, causing the UI to freeze. The result is a local denial of service that renders the application unusable until it is closed and relaunched. The vulnerability does not provide credential escalation or data disclosure, but it can interrupt user workflow and impact availability.

Affected Systems

Foxit Software Inc. products, specifically Foxit PDF Editor and Foxit PDF Reader. No specific version numbers are disclosed in the available data, so all installations of these products remain potentially vulnerable until an official update is applied.

Risk and Exploitability

The CVSS score of 5.5 rates this flaw as Medium severity. EPSS indicates an exploitation probability of less than 1%, and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is local, requiring the attacker to supply a crafted PDF that a user opens on the affected system. Because the flaw is limited to a UI freeze, it does not lead to arbitrary code execution, but it can disrupt business operations if the application is critical to daily tasks.

Generated by OpenCVE AI on April 28, 2026 at 04:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Foxit PDF Editor and Foxit PDF Reader to the latest version released by Foxit Software Inc.
  • Avoid opening PDFs from untrusted or unknown sources until a patch is applied.
  • Consider enabling script or action chain restrictions in the application or using a sandboxed viewer to isolate any potential denial‑of‑service events.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 17:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Foxit; Foxit pdf Editor; Foxit pdf Reader |
| CPEs | | cpe:2.3:a:foxit:pdf_editor:\*:\*:\*:\*:\*:\*:\*:\*; cpe:2.3:a:foxit:pdf_reader:\*:\*:\*:\*:\*:\*:\*:\* |
| Vendors & Products | | Foxit; Foxit pdf Editor; Foxit pdf Reader |

Tue, 28 Apr 2026 08:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Foxitsoftware; Foxitsoftware foxit Pdf Editor; Foxitsoftware foxit Reader |
| Vendors & Products | | Foxitsoftware; Foxitsoftware foxit Pdf Editor; Foxitsoftware foxit Reader |

Mon, 27 Apr 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |

Mon, 27 Apr 2026 11:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service. |
| Title | | Foxit PDF Editor/Reader Infinite Loop Denial-of-Service Vulnerability |
| Weaknesses | | CWE-691 |
| References | | |
| Metrics | | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'} |

MITRE

Status: PUBLISHED

Assigner: Foxit

Published:

Updated: 2026-04-27T13:42:57.699Z

Reserved: 2026-04-09T03:42:07.680Z

Link: CVE-2026-5938

Vulnrichment

Updated: 2026-04-27T13:40:17.459Z

NVD

Status: Analyzed

Published: 2026-04-27T12:16:24.153

Modified: 2026-04-29T17:29:29.233

Link: CVE-2026-5938

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T08:30:13Z

Weaknesses