PatchSiren cyber security CVE debrief
CVE-2026-13129 Foxit Software Inc. CVE debrief
A high-severity vulnerability, CVE-2026-13129, was found in Foxit PDF software. When opening a PDF file, JavaScript uses the damaged field tree to trigger field traversal, resulting in the program holding an invalid form object when accessing the field property path. Eventually, the application crashes due to reading an invalid pointer. The vulnerability has a CVSS score of 7.8, indicating a high severity. Users of Foxit PDF software should be aware of this vulnerability and take necessary actions to protect themselves. The vulnerability is related to the handling of PDF files and JavaScript, which could lead to a crash or potentially allow an attacker to execute arbitrary code.
- Vendor
- Foxit Software Inc.
- Product
- Foxit PDF Editor
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-08
- Original CVE updated
- 2026-07-08
- Advisory published
- 2026-07-08
- Advisory updated
- 2026-07-08
Who should care
Users of Foxit PDF software should be aware of this vulnerability and take necessary actions to protect themselves. The vulnerability has a high severity, with a CVSS score of 7.8, and could potentially allow an attacker to execute arbitrary code or cause the application to crash. Defenders should review the official advisory or CVE record for more information about the vulnerability and take steps to protect themselves.
Technical summary
The vulnerability occurs when the application opens a PDF file and JavaScript uses the damaged field tree to trigger field traversal. This results in the program holding an invalid form object when accessing the field property path, eventually causing the application to crash due to reading an invalid pointer. The CVSS score for this vulnerability is 7.8, indicating a high severity. The vulnerability is related to the handling of PDF files and JavaScript, which could lead to a crash or potentially allow an attacker to execute arbitrary code. There is limited information available about the vulnerability, and defenders should review the official advisory or CVE record for more information.
Defensive priority
High
Recommended defensive actions
- Apply the vendor patch or update to the latest version of Foxit PDF software.
- Verify that the software is up-to-date and configured correctly.
- Monitor the system for suspicious activity.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
Evidence notes
The CVE record was published on 2026-07-08T09:16:29.673Z and has not been modified since then. The NVD entry is currently Received. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The CVE record does not provide detailed information about the vulnerability, so defenders should review the official advisory or CVE record for more information.
Official resources
-
CVE-2026-13129 CVE record
CVE.org
-
CVE-2026-13129 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
14984358-7092-470d-8f34-ade47a7658a2
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T09:16:29.673Z and has not been modified since then.