Published: April 27, 2026 | Last Modified: April 27, 2026
A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution.
Exploitation Probability (EPSS): Low — 0.01% (3th percentile)
Low exploitation probability based on current threat landscape data. Standard patching timeline is appropriate.
This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.