Description
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Adobe Acrobat Reader is vulnerable to a use‑after‑free flaw (CWE‑416). The bug allows an attacker to trigger an arbitrary code execution when a malicious PDF is opened. The vulnerability does not grant elevated privileges; a successful exploit runs code as the user who opens the file.

Affected Systems

Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and all earlier releases are affected. The flaw exists in the core PDF processing engine used by all supported platforms for Acrobat Reader.

Risk and Exploitability

The CVSS score of 7.8 categorizes this issue as a high‑severity problem. No EPSS score is currently available, and it is not listed in the CISA KEV catalog. Exploitation requires user interaction: the victim must open a crafted PDF, so social engineering or phishing is needed to deliver the malicious file. The risk is mitigated only by applying a software update or avoiding the use of vulnerable versions.

Generated by OpenCVE AI on June 9, 2026 at 21:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Adobe Acrobat Reader to the latest available version to eliminate the use‑after‑free flaw.
  • Refrain from opening PDF files from untrusted or unknown sources; verify the file’s authenticity before opening.
  • Configure browsers, email clients, or operating‑system settings to block Acrobat Reader from automatically opening PDF files from the internet, and consider using a sandboxed viewer when handling potentially dangerous content.

Generated by OpenCVE AI on June 9, 2026 at 21:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 01:00:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe acrobat Reader
Vendors & Products Adobe
Adobe acrobat Reader

Tue, 09 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Description Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Acrobat Reader | Use After Free (CWE-416)
Weaknesses CWE-416
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Adobe Acrobat Reader
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T20:01:13.544Z

Reserved: 2026-05-20T15:50:31.360Z

Link: CVE-2026-47920

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-09T21:17:21.950

Modified: 2026-06-09T21:17:21.950

Link: CVE-2026-47920

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T00:45:17Z

Weaknesses