CVE-2026-13128
Foxit · Foxit PDF Editor
A use-after-free vulnerability in Foxit PDF Editor and Reader allows for potential code execution when processing PDFs with embedded JavaScript.
Executive summary
A high-severity use-after-free flaw in Foxit PDF Editor and Reader can be exploited by an attacker to execute arbitrary code through a maliciously crafted PDF file.
Vulnerability
The application is vulnerable to a use-after-free (CWE-416) condition when handling embedded JavaScript that triggers page deletion. Exploitation requires a user to open a malicious PDF, which then leads to invalid object memory handling.
Business impact
The CVSS score of 7.8 indicates a high risk of compromise for affected endpoints. Successful exploitation allows an attacker to execute arbitrary code, potentially leading to the exfiltration of sensitive information or the deployment of ransomware within the enterprise environment.
Remediation
Immediate Action: Apply the latest security updates provided by Foxit for both PDF Editor and Reader.
Proactive Monitoring: Review enterprise security logs for suspicious file execution patterns associated with PDF reader applications.
Compensating Controls: Implement organizational policies to disable JavaScript in PDF readers and utilize endpoint security solutions to detect and block malicious document execution.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the prevalence of PDF-based attacks, it is critical to address this vulnerability promptly. Organizations should verify that all instances of Foxit PDF software are updated to the current secure version to protect against potential exploitation.