Use-after-free in Foxit PDF Reader for Windows and Foxit PDF Editor (formerly Foxit PhantomPDF) - CVE-2026-13128
Published: July 8, 2026
Foxit PDF Reader for Windows
Foxit PDF Editor (formerly Foxit PhantomPDF)
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to use-after-free in Foxit PDF Reader and Foxit PDF Editor when handling PDFs embedded with certain JavaScript. A remote attacker can trick the victim into opening a crafted PDF file to execute arbitrary code.
User interaction is required to open a crafted PDF file.