CVE-2026-13129

Foxit · Foxit PDF Editor / PDF Reader

A use-after-free vulnerability in Foxit PDF Editor and Reader allows attackers to execute arbitrary code via a maliciously crafted PDF file using a damaged field tree.

Executive summary

A high-severity use-after-free vulnerability in Foxit PDF Editor and Reader could allow an attacker to gain unauthorized control over a user's system.

Vulnerability

This is a Use-After-Free (CWE-416) vulnerability triggered when the application processes a PDF containing a damaged field tree. An attacker can leverage JavaScript to trigger invalid object access, requiring user interaction to open the malicious file.

Business impact

The CVSS score of 7.8 (High) reflects the potential for complete compromise of system confidentiality, integrity, and availability. Successful exploitation allows remote code execution in the context of the user, which could result in data theft, installation of malware, or lateral movement within the corporate network.

Remediation

Immediate Action: Update to the latest version of Foxit PDF Editor or Reader as specified in the official vendor security bulletin.

Proactive Monitoring: Monitor endpoint logs for suspicious process spawning behavior related to the Foxit application suite.

Compensating Controls: Deploy endpoint protection solutions capable of detecting malicious PDF document patterns and restrict the execution of JavaScript within PDF viewers via Group Policy if business requirements allow.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high CVSS score and the prevalence of PDF-based attack vectors, organizations should treat this vulnerability with urgency. Prioritize patching all workstations running affected versions of Foxit PDF Editor and Reader to prevent potential arbitrary code execution.