Description
Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-23
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out‑of‑bounds read in Adobe Acrobat Reader allows a malicious PDF to read memory locations beyond the intended buffer. When the document is opened, the vulnerability can leak sensitive data from the process memory. It is inferred that the disclosed data could contain confidential or personal information, though the exact scope is not specified.

Affected Systems

Adobe Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and any earlier releases are affected. Users running these or older builds should verify the version and plan a remediation.

Risk and Exploitability

With a CVSS score of 5.5, the vulnerability presents a moderate risk. The EPSS score is not available and the vulnerability is not listed in CISA’s KEV catalog, suggesting limited known exploitation. Exploitation requires the victim to open a crafted PDF: the CVSS vector rates the attack vector as local (AV:L) with user interaction required (UI:R), and the impact is limited to confidentiality (C:H/I:N/A:N). If the file is opened in an untrusted environment or without sandboxing, the read may expose private data.

Generated by OpenCVE AI on June 24, 2026 at 10:19 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade Adobe Acrobat Reader to the latest version, which includes the fix for CVE-2020-9711.
  • Ensure that the application is configured to use the built‑in sandbox or other isolation features when opening PDF files.
  • Scan incoming PDF attachments with updated malware protection before opening them.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 22:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Adobe; Adobe acrobat Reader |
| Vendors & Products | | Adobe; Adobe acrobat Reader |

Tue, 23 Jun 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 23 Jun 2026 18:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| Title | | Acrobat Reader \| Out-of-bounds Read (CWE-125) |
| Weaknesses | | CWE-125 |
| References | | |
| Metrics | | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'} |


MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-23T19:50:27.031Z

Reserved: 2020-03-02T00:00:00.000Z

Link: CVE-2020-9711

Vulnrichment

Updated: 2026-06-23T19:40:54.321Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T10:30:14Z

Weaknesses