CVE-2026-13128

Foxit · Foxit PDF Editor

A use-after-free vulnerability in Foxit PDF Editor and Reader allows for potential code execution when processing PDFs with embedded JavaScript.

Executive summary

A high-severity use-after-free flaw in Foxit PDF Editor and Reader can be exploited by an attacker to execute arbitrary code through a maliciously crafted PDF file.

Vulnerability

The application is vulnerable to a use-after-free (CWE-416) condition when handling embedded JavaScript that triggers page deletion. Exploitation requires a user to open a malicious PDF, which then leads to invalid object memory handling.

Business impact

The CVSS score of 7.8 indicates a high risk of compromise for affected endpoints. Successful exploitation allows an attacker to execute arbitrary code, potentially leading to the exfiltration of sensitive information or the deployment of ransomware within the enterprise environment.

Remediation

Immediate Action: Apply the latest security updates provided by Foxit for both PDF Editor and Reader.

Proactive Monitoring: Review enterprise security logs for suspicious file execution patterns associated with PDF reader applications.

Compensating Controls: Implement organizational policies to disable JavaScript in PDF readers and utilize endpoint security solutions to detect and block malicious document execution.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the prevalence of PDF-based attacks, it is critical to address this vulnerability promptly. Organizations should verify that all instances of Foxit PDF software are updated to the current secure version to protect against potential exploitation.