Description
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A Use‑After‑Free flaw in Adobe Acrobat Reader, disclosed as CVE-2026-47914, allows an attacker to execute arbitrary code in the context of the user who opens a crafted PDF file. The vulnerability arises when the application frees memory prematurely and later accesses it again, providing a path for code injection. If triggered, the attacker can gain the same privileges as the current user, potentially leading to data theft, system compromise, or further lateral movement.

Affected Systems

Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and all earlier releases are affected. No other vendors or products are listed as impacted.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity. EPSS is not provided, and the vulnerability is not listed in CISA KEV, meaning CISA has not recorded it as exploited in the wild. The attack requires the victim to open a malicious PDF file (local vector with user interaction, AV:L/UI:R), after which the flaw can be exploited to execute arbitrary code in the user's context. The combination of high severity and the user-interaction prerequisite places this vulnerability in a high-risk category for environments with loose document-handling policies.

Generated by OpenCVE AI on June 9, 2026 at 22:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Adobe Acrobat Reader to the latest version that removes the Use‑After‑Free flaw.
  • Configure Acrobat Reader to operate in High Security mode, disabling JavaScript and enforcing sandbox controls.
  • Implement antivirus or sandbox filtering for PDF files before they are opened and enforce strict email attachment policies.


Advisories

No advisories yet.

History

Wed, 10 Jun 2026 01:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Adobe; Adobe acrobat Reader |
| Vendors & Products | | Adobe; Adobe acrobat Reader |

Tue, 09 Jun 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| Title | | Acrobat Reader \| Use After Free (CWE-416) |
| Weaknesses | | CWE-416 |
| References | | |
| Metrics | | cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T20:01:10.756Z

Reserved: 2026-05-20T15:50:31.360Z

Link: CVE-2026-47914

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-09T21:17:21.230

Modified: 2026-06-09T21:17:21.230

Link: CVE-2026-47914

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T00:45:17Z

Weaknesses