Description
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier contain a Use After Free flaw that can allow an attacker to execute arbitrary code in the context of the current user. The vulnerability arises when memory is freed and then accessed again, which an attacker can use to run malicious code. Exploitation requires user interaction, since a malicious file must be opened, but a successful attack can still lead to a potentially full compromise of the affected system.

Affected Systems

The affected products are Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and all earlier releases. Users running these versions are vulnerable until the software is updated to a fixed release.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity. No EPSS score is available, and the vulnerability is not listed in CISA KEV, suggesting it is not yet widely exploited in the wild. Exploitation requires user interaction: a victim must open a specially crafted file. Once the file is processed, the use-after-free can be triggered, giving the attacker code execution with the current user's privileges.

Generated by OpenCVE AI on June 9, 2026 at 21:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Adobe’s latest Acrobat Reader update that contains the fix for the use‑after‑free flaw.
  • Configure Acrobat Reader to prompt users when opening files or disable automatic opening of file types known to be exploited.
  • Instruct users to avoid opening files from untrusted or unknown sources and to verify the authenticity of documents before opening.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 01:00:00 +0000

Type: Values Added (the Values Removed column is empty for this change)
  • First Time appeared: Adobe; Adobe acrobat Reader
  • Vendors & Products: Adobe; Adobe acrobat Reader

Tue, 09 Jun 2026 20:30:00 +0000

Type: Values Added (the Values Removed column is empty for this change)
  • Description: Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
  • Title: Acrobat Reader | Use After Free (CWE-416)
  • Weaknesses: CWE-416
  • References
  • Metrics: cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T20:01:22.144Z

Reserved: 2026-05-20T15:50:31.360Z

Link: CVE-2026-47918

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-09T21:17:21.710

Modified: 2026-06-09T21:17:21.710

Link: CVE-2026-47918

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T00:45:17Z

Weaknesses