What is CVE-2026-3776?

CVE-2026-3776 is a medium-severity vulnerability in Foxit Software Inc. Pdf Editor, classified under NULL Pointer Dereference. CVSS score: 5.5/10. Published 2026-04-01.

How severe is CVE-2026-3776?

Medium severity. CVSS v3 base score is 5.5 out of 10.

NULL pointer dereference in Foxit Software Inc. Pdf Editor

CVE-2026-3776

The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated obje…

EPSS: 0.000 (4.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H.

Affected products

Foxit Software Inc. Pdf Editor — versions Versions 2025.3 and earlier, Versions 14.0.2 and earlier, Versions 13.2.2 and earlier
Foxit Software Inc. Pdf Reader — versions Versions 2025.3 and earlier

Weakness classification (CWE)

CWE-476 — NULL Pointer Dereference

References

www.foxit.com/support/security-bulletins.html

Frequently asked questions

What is CVE-2026-3776?: CVE-2026-3776 is a medium-severity vulnerability in Foxit Software Inc. Pdf Editor, classified under NULL Pointer Dereference. CVSS score: 5.5/10. Published 2026-04-01.
How severe is CVE-2026-3776?: Medium severity. CVSS v3 base score is 5.5 out of 10.