Description
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out‑of‑bounds write in Adobe Acrobat Reader that can lead to arbitrary code execution when a malicious PDF file is opened. The flaw occurs during file parsing and allows memory corruption, enabling an attacker to run arbitrary code in the context of the current user, potentially installing malware or escalating privileges.

Affected Systems

Adobe Acrobat Reader versions 24.001.30365, 26.001.21651, and all earlier releases are affected. Users of these versions on any supported platform should be aware.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity, but EPSS data is unavailable and the vulnerability is not listed in the CISA KEV catalog, so the exact exploitation probability remains uncertain. Exploitation requires the victim to open a crafted PDF, so an attack depends on user interaction; this still poses a significant risk to users exposed to untrusted documents.

Generated by OpenCVE AI on June 9, 2026 at 22:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Adobe Acrobat Reader to the latest version released after 26.001.21651.
  • Disable automatic opening of PDF files in the default viewer or use a sandboxed application to open PDFs.
  • Verify or scan any PDF with a reputable antivirus or scanning service before opening.

Generated by OpenCVE AI on June 9, 2026 at 22:02 UTC.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 01:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Adobe; Adobe acrobat Reader |
| Vendors & Products | | Adobe; Adobe acrobat Reader |

Tue, 09 Jun 2026 21:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |

Tue, 09 Jun 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| Title | | Acrobat Reader \| Out-of-bounds Write (CWE-787) |
| Weaknesses | | CWE-787 |
| References | | |
| Metrics | | cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'} |

MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T20:41:42.942Z

Reserved: 2026-05-20T15:50:31.359Z

Link: CVE-2026-47911

Vulnrichment

Updated: 2026-06-09T20:39:20.516Z

NVD

Status: Received

Published: 2026-06-09T21:17:20.837

Modified: 2026-06-09T21:17:20.837

Link: CVE-2026-47911

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T00:45:17Z
