{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/pdf-reader--2026.1.2/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-57249"},{"cvss":7.8,"id":"CVE-2026-57251"},{"cvss":6.1,"id":"CVE-2026-57255"},{"cvss":7.8,"id":"CVE-2026-57256"},{"cvss":6.1,"id":"CVE-2026-57257"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["PDF Editor (\u003c 13.2.5)","PDF Editor (\u003c 14.0.5)","PDF Editor (\u003c 2026.1.2)","PDF Reader (\u003c 2026.1.2)"],"_cs_severities":["high"],"_cs_tags":["client-side-exploitation","document-exploit","pdf","rce","privilege-escalation","data-exfiltration","windows","macos"],"_cs_type":"advisory","_cs_vendors":["Foxit"],"content_html":"\u003cp\u003eCERT-FR has issued an advisory regarding multiple critical vulnerabilities affecting Foxit PDF Editor and Reader products across both Windows and macOS platforms, initially identified on July 8, 2026. These vulnerabilities, including a range of CVEs such as CVE-2026-13126 through CVE-2026-13129 and CVE-2026-57237 through CVE-2026-57260, could be exploited by a remote attacker. The exploitation of these flaws could lead to severe consequences for affected users, including arbitrary code execution, unauthorized privilege escalation, and significant data confidentiality breaches. These vulnerabilities affect specific versions of PDF Editor (prior to 13.2.5, 14.0.5, and 2026.1.2) and PDF Reader (prior to 2026.1.2). For defenders, this means immediate patching of all vulnerable Foxit installations is crucial to prevent client-side compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access\u003c/strong\u003e: An attacker crafts a malicious PDF document designed to exploit one or more of the vulnerabilities (e.g., CVE-2026-13126). This document is typically delivered to a victim via email as an attachment or through a compromised website.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser Interaction\u003c/strong\u003e: The victim is enticed to open the malicious PDF document using their vulnerable Foxit PDF Editor or Reader application.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eVulnerability Trigger\u003c/strong\u003e: Upon opening the document, the parsing engine of the Foxit application encounters the malformed or specially crafted content within the PDF, triggering the underlying vulnerability (e.g., a heap buffer overflow, out-of-bounds write).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eArbitrary Code Execution\u003c/strong\u003e: Successful exploitation of the vulnerability leads to arbitrary code execution within the context of the vulnerable Foxit application, allowing the attacker to run their own malicious code.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrivilege Escalation\u003c/strong\u003e: If the initial code execution occurs in a low-privileged user context, the attacker may then leverage an additional privilege escalation vulnerability (e.g., CVE-2026-13128) to gain higher system privileges, such as SYSTEM on Windows or root on macOS.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePost-Exploitation\u003c/strong\u003e: With elevated privileges, the attacker can establish persistence, install additional malware (e.g., ransomware, wipers), exfiltrate sensitive data (e.g., CVE-2026-13129), or further compromise the affected system and potentially the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of these numerous vulnerabilities can result in significant damage to an organization. Attackers can gain complete control over a user's workstation through arbitrary code execution, potentially leading to the deployment of ransomware or other destructive malware across the network. Privilege escalation allows an attacker to bypass security controls and access sensitive system resources. Furthermore, compromised data confidentiality can lead to the theft of intellectual property, personal identifiable information (PII), and other critical business data, incurring regulatory fines, reputational damage, and severe financial losses. While no specific victim counts or targeted sectors are mentioned, any organization utilizing vulnerable Foxit products is at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrioritize patching all affected Foxit products immediately by applying updates from the vendor's security bulletin at \u003ccode\u003ehttps://www.foxitsoftware.com/support/security-bulletins.php\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEnsure Foxit PDF Editor versions are updated to at least 13.2.5, 14.0.5, or 2026.1.2, and Foxit PDF Reader versions are updated to at least 2026.1.2.\u003c/li\u003e\n\u003cli\u003eEducate users on the risks of opening suspicious or untrusted PDF documents delivered via email or downloaded from unknown sources, as this is the likely initial access vector for CVE-2026-13126, CVE-2026-13127, CVE-2026-13128, CVE-2026-13129, and others.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-08T14:13:59Z","date_published":"2026-07-08T14:13:59Z","id":"https://feed.craftedsignal.io/briefs/2026-07-foxit-vulnerabilities/","summary":"Multiple critical vulnerabilities, including CVE-2026-13126 and CVE-2026-13127, have been discovered in Foxit PDF Editor and Reader for Windows and macOS, enabling a remote attacker to achieve arbitrary code execution, elevate privileges, and compromise data confidentiality if users open a crafted malicious PDF document.","title":"Multiple Vulnerabilities in Foxit PDF Editor and Reader","url":"https://feed.craftedsignal.io/briefs/2026-07-foxit-vulnerabilities/"}],"language":"en","title":"CraftedSignal Threat Feed - PDF Reader (\u003c 2026.1.2)","version":"https://jsonfeed.org/version/1.1"}