CVE-2026-13127

Foxit · Foxit PDF Editor / Foxit PDF Reader

A use-after-free vulnerability exists in Foxit PDF Editor and Reader, which may allow an attacker to execute arbitrary code when opening a maliciously crafted PDF file.

Executive summary

A critical use-after-free vulnerability in Foxit PDF Editor and Reader could allow an attacker to achieve code execution through a specially crafted PDF document.

Vulnerability

This is a use-after-free vulnerability (CWE-416) triggered when the application processes a PDF file. The vulnerability requires user interaction to open the malicious file, but once opened, an unauthenticated attacker could potentially gain control of the application process.

Business impact

Successful exploitation of this vulnerability could lead to arbitrary code execution on the host system, potentially resulting in data exfiltration, unauthorized access to sensitive documents, or complete system compromise. With a CVSS score of 7.8, this vulnerability is classified as High severity, as it poses a significant risk to the integrity and confidentiality of end-user workstations.

Remediation

Immediate Action: Update Foxit PDF Editor and Reader to the latest available versions released by the vendor to patch the underlying memory corruption issue.

Proactive Monitoring: Monitor endpoint logs for abnormal application crashes or unexpected child processes spawned by the PDF reader.

Compensating Controls: Restrict the ability of PDF readers to execute scripts or access network resources via endpoint security policies until patches are applied.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the severity of use-after-free vulnerabilities in document processing software, organizations should prioritize deploying the latest vendor updates across all workstations. Users should be advised to exercise caution when opening unsolicited PDF files from untrusted sources.