High severity7.8NVD Advisory· Published Apr 1, 2026· Updated Apr 28, 2026
CVE-2026-3779
CVE-2026-3779
Description
The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- www.foxit.com/support/security-bulletins.htmlnvdVendor Advisory
- www.talosintelligence.com/vulnerability_reports/TALOS-2026-2365nvdThird Party AdvisoryExploit
News mentions
1- Foxit, LibRaw vulnerabilitiesCisco Talos Intelligence · Apr 16, 2026