Description
Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-23
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out-of-bounds write that allows maliciously crafted PDF files to write beyond allocated memory, enabling arbitrary code execution at the current user’s privileges. Exploitation depends on a victim opening a malicious file, so user interaction is required. The weakness falls under CWE-787.

Affected Systems

The issue affects multiple versions of Adobe Acrobat Reader: versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and any earlier releases. Users of these products are at risk regardless of operating system because the vulnerability is in the Reader engine itself.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity. Because exploitation requires a user to open a crafted PDF, the attack vector is local with user interaction required (AV:L and UI:R in the CVSS vector). Attackers could trick victims into opening malicious files via email or the web. While the EPSS score is not available, the lack of a KEV listing suggests no confirmed exploitation yet, but the high severity warrants prompt remediation.

Generated by OpenCVE AI on June 24, 2026 at 10:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Adobe Acrobat Reader security update that removes the out-of-bounds write flaw, as described in the Adobe advisory.
  • Ensure that all machines are running an Acrobat Reader version newer than 2020.009.20074 or the equivalent patch level.
  • (Optional) Until a patch is available, restrict users from opening PDF files from untrusted sources and disable automatic PDF preview features.


Advisories

No advisories yet.

History

Tue, 23 Jun 2026 22:45:00 +0000

First Time appeared (Values Added): Adobe; Adobe acrobat Reader
Vendors & Products (Values Added): Adobe; Adobe acrobat Reader

Tue, 23 Jun 2026 18:15:00 +0000

Description (Values Added): Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title (Values Added): Acrobat Reader | Out-of-bounds Write (CWE-787)
Weaknesses (Values Added): CWE-787
References (Values Added):
Metrics (Values Added): cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-24T03:56:28.561Z

Reserved: 2020-03-02T00:00:00.000Z

Link: CVE-2020-9695

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T10:30:14Z

Weaknesses