Description
Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Improper Certificate Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to spoof the identity of a signer. Exploitation of this issue requires user interaction.
Published: 2026-03-10
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Certificate Validation Bypass
Action: Immediate Update
AI Analysis

Impact

Adobe Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier suffer from an improper certificate validation flaw that can allow an attacker to spoof the identity of a document signer, thereby bypassing the software’s security checks. The flaw does not provide remote code execution but can undermine user confidence in signed PDFs and facilitate social‑engineering attacks by convincing users that a malicious file originates from a trusted source.

Affected Systems

Adobe Acrobat Reader, including the Acrobat Reader DC family. Versions affected are 24.001.30307, 24.001.30308, 25.001.21265 and all earlier releases. The vulnerability applies across platforms where Acrobat Reader is deployed, including macOS and Windows operating systems.

Risk and Exploitability

The CVSS v3.1 score of 5.5 marks this as a medium‑severity weakness, and the EPSS probability is listed as less than 1 percent, indicating low likelihood of exploitation at present. The Adobe advisory specifies that the flaw requires user interaction; typically this would involve opening a malicious PDF that contains a forged signature. The flaw is not listed in the CISA KEV catalog, so no known active exploits have been reported publicly yet. Nonetheless, the ability to fake the identity of a signer poses a significant risk in environments where document authenticity is critical.

Generated by OpenCVE AI on April 16, 2026 at 03:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Adobe Acrobat Reader update that addresses improper certificate validation, as detailed in the Adobe Security Bulletin APSB26-26.
  • If an update cannot be applied immediately, restrict Adobe Acrobat Reader from executing embedded scripts or interactive content in PDF files, thereby reducing the potential impact of a spoofed signature.
  • Educate users to verify the authenticity of PDF signatures and to be cautious of documents from untrusted sources before opening them.

Advisories

No advisories yet.

History

Wed, 11 Mar 2026 18:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Adobe acrobat; Adobe acrobat Dc; Adobe acrobat Reader Dc; Apple; Apple macos; Microsoft; Microsoft windows |
| CPEs | | cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*; cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*; cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*; cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*; cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
| Vendors & Products | | Adobe acrobat; Adobe acrobat Dc; Adobe acrobat Reader Dc; Apple; Apple macos; Microsoft; Microsoft windows |

Wed, 11 Mar 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Wed, 11 Mar 2026 12:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Adobe; Adobe acrobat Reader |
| Vendors & Products | | Adobe; Adobe acrobat Reader |

Tue, 10 Mar 2026 22:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Improper Certificate Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to spoof the identity of a signer. Exploitation of this issue requires user interaction. |
| Title | | Acrobat Reader \| Improper Certificate Validation (CWE-295) |
| Weaknesses | | CWE-295 |
| References | | |
| Metrics | | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N'} |


MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-03-11T13:08:15.923Z

Reserved: 2026-02-18T22:02:41.380Z

Link: CVE-2026-27221

Vulnrichment

Updated: 2026-03-11T13:02:03.066Z

NVD

Status: Analyzed

Published: 2026-03-10T22:16:18.090

Modified: 2026-03-11T18:15:14.850

Link: CVE-2026-27221

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T03:15:22Z
