CVE-2026-13126

Summary

The embedded JavaScript in the PDF deleted the pages, making the object invalid. The application attempted to perform a write operation on the invalid pop-up annotations, resulting in the program crashing.

Affected Software

VendorProductVersion RangeStatus
Foxit Software Inc.Foxit PDF EditorVersions 2026.1.1 and earlieraffected
Foxit Software Inc.Foxit PDF EditorVersions 14.0.4 and earlieraffected
Foxit Software Inc.Foxit PDF ReaderVersions 2026.1.1 and earlieraffected

Weaknesses

  • CWE-416: CWE-416 Use after free

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References