Description
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier contain a Use After Free flaw that allows an attacker to execute arbitrary code in the context of the current user. The flaw arises when an object is freed and an attacker can access the memory again, resulting in memory corruption and code execution. This vulnerability is classified as CWE‑416.

Affected Systems

The affected systems are installations of Adobe Acrobat Reader for the listed versions: 24.001.30365, 26.001.21651 and any earlier releases. Systems running newer releases are not affected by this issue.

Risk and Exploitability

The CVSS score of 7.8 indicates a serious risk level. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, which suggests it is not a known, actively exploited vulnerability at this time. Exploitation requires user interaction – the victim must open a malicious file. The attack vector is thus user‑initiated, and while the likelihood of successful exploitation is uncertain, the potential for arbitrary code execution makes it a high‑importance concern for environments where users may inadvertently open compromised PDFs.

Generated by OpenCVE AI on June 9, 2026 at 21:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Adobe Acrobat Reader to the latest patched version that addresses the Use After Free vulnerability.
  • Configure Acrobat Reader to disable autorun for PDF files, or use a sandboxed environment to open unknown documents.
  • Educate users to avoid opening PDFs from untrusted sources and to verify document authenticity before opening.

Generated by OpenCVE AI on June 9, 2026 at 21:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 01:00:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe acrobat Reader
Vendors & Products Adobe
Adobe acrobat Reader

Tue, 09 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Description Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Acrobat Reader | Use After Free (CWE-416)
Weaknesses CWE-416
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Adobe Acrobat Reader
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T20:01:16.152Z

Reserved: 2026-05-20T15:50:31.360Z

Link: CVE-2026-47919

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-09T21:17:21.833

Modified: 2026-06-09T21:17:21.833

Link: CVE-2026-47919

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T00:45:17Z

Weaknesses