CVE-2026-13126
Foxit · Foxit PDF Editor
Foxit PDF Editor and Reader are susceptible to a use-after-free vulnerability triggered by maliciously crafted JavaScript within a PDF document.
Executive summary
A high-severity use-after-free vulnerability in Foxit PDF Editor and Reader allows an attacker to execute arbitrary code or cause system crashes through malicious PDF documents.
Vulnerability
This vulnerability (CWE-416) occurs when embedded JavaScript in a PDF file deletes objects, leading to a use-after-free condition. It requires user interaction, such as opening a specially crafted PDF, to trigger the flaw.
Business impact
With a CVSS score of 7.8, this flaw poses a substantial risk of remote code execution. A successful exploit could lead to full system compromise, unauthorized data access, and potential malware installation, impacting organizational security posture and data confidentiality.
Remediation
Immediate Action: Update Foxit PDF Editor and Reader to the latest patched versions provided by the vendor.
Proactive Monitoring: Monitor endpoint activity for abnormal process behavior or crashes associated with the PDF application.
Compensating Controls: Disable JavaScript execution within PDF reader settings if immediate patching is not feasible, and restrict the opening of untrusted PDF documents.
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability represents a significant risk to end-user workstations. Organizations should mandate the update to the latest version of Foxit software to mitigate the possibility of arbitrary code execution via malicious documents.