Form Object Vulnerability in Foxit PDF Software
CVE-2026-13129
What is CVE-2026-13129?
A vulnerability has been identified in Foxit PDF Software where improper handling of PDF files can lead to a form object exploitation. During the opening of a PDF file, JavaScript incorrectly utilizes the damaged field tree, which results in a field traversal condition. This flaw causes the application to reference an invalid form object while trying to access the field property path, ultimately leading to a crash as the program attempts to read from an invalid pointer. Users are advised to be cautious while opening PDF files and ensure that their software is up to date to mitigate potential risks.
Affected Version(s)
Foxit PDF Editor Windows Versions 2026.1.1 and earlier
Foxit PDF Editor Windows Versions 14.0.4 and earlier
Foxit PDF Editor Windows Versions 13.2.4 and earlier
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved
