Form Object Vulnerability in Foxit PDF Software
CVE-2026-13129

7.8HIGH

Key Information:

Vendor

Foxit Inc.

Vendor
CVE Published:
8 July 2026

What is CVE-2026-13129?

A vulnerability has been identified in Foxit PDF Software where improper handling of PDF files can lead to a form object exploitation. During the opening of a PDF file, JavaScript incorrectly utilizes the damaged field tree, which results in a field traversal condition. This flaw causes the application to reference an invalid form object while trying to access the field property path, ultimately leading to a crash as the program attempts to read from an invalid pointer. Users are advised to be cautious while opening PDF files and ensure that their software is up to date to mitigate potential risks.

Affected Version(s)

Foxit PDF Editor Windows Versions 2026.1.1 and earlier

Foxit PDF Editor Windows Versions 14.0.4 and earlier

Foxit PDF Editor Windows Versions 13.2.4 and earlier

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Anonymous working with TrendAI Zero Day Initiative
.