Description
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and all earlier releases contain an out‑of‑bounds read that can expose the contents of memory that the software should not access. The vulnerability could allow an attacker to read sensitive information after a user opens a specially crafted PDF file, but it requires the user to interact with the file. The primary consequence is the potential disclosure of confidential data, which could compromise privacy and business secrets.

Affected Systems

Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and all earlier releases are affected. Users of this product running those versions are at risk.

Risk and Exploitability

The CVSS v3.1 base score is 5.5, indicating moderate severity. The EPSS score is not provided, and the vulnerability is not listed in CISA’s KEV catalog, which suggests there has been no widespread exploitation to date. Exploitation requires a malicious PDF to be opened by a user, so the attack vector is User Interaction with a crafted document. Although an attacker must supply the payload, the impact of a successful exploit is non‑trivial due to the potential disclosure of memory contents.

Generated by OpenCVE AI on June 9, 2026 at 21:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Adobe Acrobat Reader to the latest version that contains the security fix.
  • Avoid opening PDF files from untrusted or unknown sources.
  • Use antivirus or sandbox tools to scan PDFs before opening.
  • Monitor audit logs for attempts to open suspicious PDFs.

Generated by OpenCVE AI on June 9, 2026 at 21:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 01:00:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe acrobat Reader
Vendors & Products Adobe
Adobe acrobat Reader

Tue, 09 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Description Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Acrobat Reader | Out-of-bounds Read (CWE-125)
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

Subscriptions

Adobe Acrobat Reader
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T20:53:33.631Z

Reserved: 2026-05-20T15:50:31.360Z

Link: CVE-2026-47923

cve-icon Vulnrichment

Updated: 2026-06-09T20:53:28.785Z

cve-icon NVD

Status : Received

Published: 2026-06-09T21:17:22.200

Modified: 2026-06-09T21:17:22.200

Link: CVE-2026-47923

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T00:45:17Z

Weaknesses