Description
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier contain a Use After Free flaw that can allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability arises when a maliciously crafted file is opened, freeing memory that is later accessed, leading to a potentially complete compromise of the user session.

Affected Systems

The affected product is Adobe Acrobat Reader, specifically any deployment at or prior to versions 24.001.30365 and 26.001.21651. All earlier builds share the same code path that frees memory before it is used.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity, but the exploitation requires user interaction; the attacker must convince a victim to open a malicious document. EPSS data is unavailable and the vulnerability is not listed in the CISA KEV catalog, suggesting that large‑scale, automated exploitation is not yet documented. Nonetheless, once a user opens a malicious PDF, the attacker can achieve arbitrary code execution in that user’s context, representing a serious threat if the user has elevated or sensitive access.

Generated by OpenCVE AI on June 9, 2026 at 22:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Adobe Acrobat Reader to the latest version available for your platform, ensuring the install includes the security update that fixes the use‑after‑free flaw.
  • Configure Acrobat Reader or your document handling infrastructure to block unknown or unsigned PDF files and use the built‑in sandboxing features to reduce the risk of exploitation.
  • If an immediate patch is not possible, consider disabling or removing Acrobat Reader from systems that do not require it, or enforce strict application whitelisting to prevent unauthorized execution of the vulnerable software.



Advisories

No advisories yet.

History

Wed, 10 Jun 2026 01:00:00 +0000

Values added (none removed):

  • First Time appeared: Adobe; Adobe acrobat Reader
  • Vendors & Products: Adobe; Adobe acrobat Reader

Tue, 09 Jun 2026 20:30:00 +0000

Values added (none removed):

  • Description: Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
  • Title: Acrobat Reader | Use After Free (CWE-416)
  • Weaknesses: CWE-416
  • References
  • Metrics: cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T20:01:09.003Z

Reserved: 2026-05-20T15:50:31.359Z

Link: CVE-2026-47912

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-09T21:17:20.990

Modified: 2026-06-09T21:17:20.990

Link: CVE-2026-47912

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T00:45:17Z

Weaknesses