CVE-2026-5938
Received
Received - Intake
Improper Control Flow in Document Actions Causes UI Freeze DoS
Publication date: 2026-04-27
Last updated on: 2026-04-29
Assigner: Foxit
Description
Description
Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| foxit | pdf_editor | to 13.2.4 (exc) |
| foxit | pdf_editor | From 14.0.0 (inc) to 14.0.4 (exc) |
| foxit | pdf_editor | From 2023.0.0 (inc) to 2026.1.1 (exc) |
| foxit | pdf_reader | to 2026.1.1 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-691 | The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves improper control flow management that allows a specially crafted document action chain to cause modal dialog reentry on the main thread.
As a result, the user interface (UI) freezes, leading to a denial of service condition.
How can this vulnerability impact me? :
The vulnerability can cause the application's UI to freeze, resulting in a denial of service.
This means users may be unable to interact with the application until it is restarted or otherwise recovered.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70