Description
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier contain a use–after–free flaw (CWE–416) that can lead to arbitrary code execution in the context of the user who opens a malicious file. The vulnerability arises when the application reuses memory after it has been freed, allowing attackers to trigger arbitrary code execution.

Affected Systems

Adobe Acrobat Reader is the affected product, specifically the versions listed above and any earlier releases that have not received an update. Systems running these vulnerable releases are exposed to the described exploitation risk.

Risk and Exploitability

With a CVSS score of 7.8 the vulnerability is considered high severity. The EPSS score is not available and the vulnerability is not listed in CISA’s KEV catalog, which suggests limited publicly known exploitation but still significant risk. Exploitation requires user interaction, i.e., the victim must open a malicious PDF file. The likely attack vector is phishing or drive‑by download of malicious PDFs, inferring that attackers rely on enticing users to view compromised documents.

Generated by OpenCVE AI on June 9, 2026 at 22:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Adobe Acrobat Reader security update as released in the Adobe security advisory.
  • Restrict PDF file access by filtering or scanning attachments and educate users to avoid opening unknown PDFs.
  • If the update cannot be applied immediately, consider disabling or uninstalling Acrobat Reader or using a sandboxed PDF viewer until the patch is applied.

Generated by OpenCVE AI on June 9, 2026 at 22:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 03:45:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe acrobat Reader
Vendors & Products Adobe
Adobe acrobat Reader

Tue, 09 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Description Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Acrobat Reader | Use After Free (CWE-416)
Weaknesses CWE-416
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Adobe Acrobat Reader
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T20:01:21.280Z

Reserved: 2026-05-20T15:50:31.360Z

Link: CVE-2026-47915

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-09T21:17:21.357

Modified: 2026-06-09T21:17:21.357

Link: CVE-2026-47915

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T03:30:16Z

Weaknesses