Description
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a Use After Free in Acrobat Reader. When a malformed PDF is processed, memory that has already been freed is accessed again, which can let an attacker direct the code flow and execute arbitrary code with the current user's privileges.

Affected Systems

Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and all earlier releases are susceptible. Any user running these versions on supported operating systems can be impacted.

Risk and Exploitability

The CVSS score of 7.8 classifies the vulnerability as high severity. Exploitation demands that the victim open a malicious PDF, so user awareness provides partial defense. No EPSS data is published, and the flaw is not listed in the CISA KEV catalog, but the Adobe advisory recommends immediate action to prevent potential compromise.

Generated by OpenCVE AI on June 9, 2026 at 22:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Adobe Acrobat Reader update, which resolves the use‑after‑free issue.
  • Disable automatic opening of PDF files from untrusted sources or configure the application to ask for explicit user approval before rendering PDFs.
  • Enable Acrobat Reader’s Protected Mode or sandbox setting to limit the extent of any successful exploitation.
  • If Acrobat Reader is not required for certain users, consider uninstalling or restricting the application.

Generated by OpenCVE AI on June 9, 2026 at 22:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 03:15:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe acrobat Reader
Vendors & Products Adobe
Adobe acrobat Reader

Tue, 09 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Description Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Acrobat Reader | Use After Free (CWE-416)
Weaknesses CWE-416
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Adobe Acrobat Reader
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T20:47:42.447Z

Reserved: 2026-05-20T15:50:31.360Z

Link: CVE-2026-47917

cve-icon Vulnrichment

Updated: 2026-06-09T20:47:38.952Z

cve-icon NVD

Status : Received

Published: 2026-06-09T21:17:21.590

Modified: 2026-06-09T21:17:21.590

Link: CVE-2026-47917

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T03:00:10Z

Weaknesses