PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-13522 Investintech CVE debrief

CVE-2026-13522 is a security flaw discovered in Investintech SlimPDFReader up to version 2.0.14. The vulnerability affects the PDF File Handler component, specifically the function SlimPDFReader!Investintech::PCV::TeighaDo+0x25cde0 in the file SlimPDFReader.exe. This issue allows for an out-of-bounds read, which can be exploited remotely. It is noted that this vulnerability only affects products that are no longer supported by the maintainer. The CVSS score for this vulnerability is 2.1, indicating a low severity.

Vendor: Investintech
Product: SlimPDFReader
CVSS: LOW 2.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-29
Original CVE updated: 2026-06-29
Advisory published: 2026-06-29
Advisory updated: 2026-06-29

Who should care

Organizations and individuals using Investintech SlimPDFReader up to version 2.0.14 should be aware of this vulnerability. Since the affected products are no longer supported, users are advised to consider alternative solutions or apply compensating controls to mitigate the risk. This vulnerability can be exploited remotely, making it essential for users to take necessary precautions.

Technical summary

The vulnerability is an out-of-bounds read in the function SlimPDFReader!Investintech::PCV::TeighaDo+0x25cde0 in SlimPDFReader.exe. This function is part of the PDF File Handler component in Investintech SlimPDFReader up to version 2.0.14. The issue can be triggered remotely, and successful exploitation could lead to information disclosure. The CVSS score for this issue is 2.1, a low severity rating.

Defensive priority

Given the low CVSS score of 2.1 and the fact that the affected products are no longer supported, the defensive priority for this vulnerability is moderate. Users of affected products should prioritize upgrading to a supported version or implementing compensating controls to mitigate the risk of exploitation.

Recommended defensive actions

  • Immediately assess if any instances of Investintech SlimPDFReader up to version 2.0.14 are in use within the organization.
  • Consider upgrading to a supported version of Investintech SlimPDFReader, if available.
  • Implement compensating controls, such as restricting access to the affected software or monitoring for suspicious activity.
  • Inform stakeholders about the vulnerability and the potential risks associated with it.
  • Review and update incident response plans to include procedures for handling potential exploitation attempts.
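
For the first action above, a host-level inventory check can look like the following PowerShell. It is an added example, not part of the advisory or any vendor tooling. The search roots, the status labels, and the idea that the executable's version resource reflects the product version are assumptions.

```powershell
# Added example: find SlimPDFReader.exe and flag versions at or below 2.0.14.
# Assumptions (not from the advisory): the search roots below, and that the
# version resource of the executable matches the product version.
$MaxAffected = [version]'2.0.14'
$SearchRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:LOCALAPPDATA) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

function Get-NormalizedVersion {
    param([string]$Raw)
    # Reduce to major.minor.build. A four-part value such as 2.0.14.0 compares
    # as greater than [version]'2.0.14', which would hide an affected install.
    if ($Raw -match '(\d+)[.,]\s*(\d+)(?:[.,]\s*(\d+))?') {
        $build = '0'
        if ($null -ne $Matches[3]) { $build = $Matches[3] }
        return [version]('{0}.{1}.{2}' -f $Matches[1], $Matches[2], $build)
    }
    return $null
}

$findings = foreach ($root in $SearchRoots) {
    Get-ChildItem -LiteralPath $root -Filter 'SlimPDFReader.exe' -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $info = $_.VersionInfo
            $raw = $info.FileVersion
            if ($info.ProductVersion) { $raw = $info.ProductVersion }
            $ver = Get-NormalizedVersion $raw

            # Missing or unparsable version data is reported, not silently skipped.
            $status = 'above-2.0.14'
            if ($null -eq $ver) { $status = 'unknown-version' }
            elseif ($ver -le $MaxAffected) { $status = 'affected' }

            [pscustomobject]@{
                Path       = $_.FullName
                RawVersion = $raw
                Version    = $ver
                Status     = $status
            }
        }
}

$findings | Sort-Object Path | Format-Table -AutoSize
```

Rows marked unknown-version need a manual check, since a renamed or repackaged copy may carry no usable version resource.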

Evidence notes

CVE-2026-13522 was discovered in Investintech SlimPDFReader up to version 2.0.14. The vulnerability affects the PDF File Handler component and allows an out-of-bounds read that can be triggered remotely. The CVSS score for this vulnerability is 2.1, indicating a low severity. The affected products are no longer supported by the maintainer. Limited information is available about potential exploits or attacks in the wild.

This article is AI-assisted and based on the supplied source corpus.