Description
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A Use After Free flaw in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier can allow an attacker to trigger arbitrary code execution while the process runs as the logged‑in user. This occurs after the software frees a memory object and later reuses it, enabling malicious content to hijack control flow.

Affected Systems

Adobe Acrobat Reader on Windows and macOS systems, specifically versions 24.001.30365, 26.001.21651 and any earlier releases that have not been patched with the vendor update.

Risk and Exploitability

The flaw has a CVSS score of 7.8 and no EPSS score is publicly available. It is not listed in the CISA KEV catalog. Exploitation requires the victim to open a crafted PDF or other supported file; there is no known remote exploitation vector. The risk is considered high for any user who may inadvertently open files from untrusted sources.

Generated by OpenCVE AI on June 9, 2026 at 22:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Adobe Acrobat Reader update that contains the security fix.
  • Avoid opening PDF files from untrusted or unfamiliar sources.
  • Consider running Acrobat Reader in a sandboxed or restricted environment to limit potential impact.

Generated by OpenCVE AI on June 9, 2026 at 22:00 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 01:00:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe acrobat Reader
Vendors & Products Adobe
Adobe acrobat Reader

Tue, 09 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Description Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Acrobat Reader | Use After Free (CWE-416)
Weaknesses CWE-416
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Adobe Acrobat Reader
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T20:01:11.691Z

Reserved: 2026-05-20T15:50:31.359Z

Link: CVE-2026-47913

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-09T21:17:21.117

Modified: 2026-06-09T21:17:21.117

Link: CVE-2026-47913

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T00:45:17Z

Weaknesses