CVE-2026-13126

Foxit · Foxit PDF Editor

Foxit PDF Editor and Reader are susceptible to a use-after-free vulnerability triggered by maliciously crafted JavaScript within a PDF document.

Executive summary

A high-severity use-after-free vulnerability in Foxit PDF Editor and Reader allows an attacker to execute arbitrary code or cause system crashes through malicious PDF documents.

Vulnerability

This vulnerability (CWE-416) occurs when embedded JavaScript in a PDF file deletes objects, leading to a use-after-free condition. It requires user interaction, such as opening a specially crafted PDF, to trigger the flaw.

Business impact

With a CVSS score of 7.8, this flaw poses a substantial risk of remote code execution. A successful exploit could lead to full system compromise, unauthorized data access, and potential malware installation, impacting organizational security posture and data confidentiality.

Remediation

Immediate Action: Update Foxit PDF Editor and Reader to the latest patched versions provided by the vendor.

Proactive Monitoring: Monitor endpoint activity for abnormal process behavior or crashes associated with the PDF application.

Compensating Controls: Disable JavaScript execution within PDF reader settings if immediate patching is not feasible, and restrict the opening of untrusted PDF documents.

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability represents a significant risk to end-user workstations. Organizations should mandate the update to the latest version of Foxit software to mitigate the possibility of arbitrary code execution via malicious documents.