Description
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a use-after-free flaw that allows an attacker to read sensitive data from memory after Adobe Acrobat Reader processes a malicious PDF file. The exposed memory can contain confidential information, and exploitation leads to disclosure of that data. According to the description, exploitation requires the victim to open the crafted file, so the attack surface is limited to files that can be delivered to or accessed by the user.

Affected Systems

Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and all earlier releases are affected. Users running any of these builds are vulnerable if they encounter malicious PDF documents.

Risk and Exploitability

The CVSS score of 5.5 classifies this as a medium severity vulnerability. The EPSS score is not available, and the flaw is not listed in the CISA KEV catalog. Exploitation requires the victim to open a malicious file, so the vector is typically user-initiated via phishing, file sharing or compromised websites. Once the file is opened, the use-after-free can leak memory contents to the attacker.

Generated by OpenCVE AI on June 9, 2026 at 21:58 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Install the latest Adobe Acrobat Reader update that contains the fix, as announced on Adobe’s security advisory
  • Configure Acrobat to block or sandbox JavaScript and embedded content in PDF files to reduce the impact of future malformed documents
  • Employ email filtering and file‑scanning solutions to detect and quarantine suspicious PDF attachments before they reach users

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 01:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Adobe; Adobe acrobat Reader
Vendors & Products | | Adobe; Adobe acrobat Reader

Tue, 09 Jun 2026 21:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 20:30:00 +0000

Type | Values Removed | Values Added
Description | | Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title | | "Acrobat Reader | Use After Free (CWE-416)"
Weaknesses | | CWE-416
References | |
Metrics | | cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T20:53:47.045Z

Reserved: 2026-05-20T15:50:31.360Z

Link: CVE-2026-47924

Vulnrichment

Updated: 2026-06-09T20:53:42.508Z

NVD

Status: Received

Published: 2026-06-09T21:17:22.330

Modified: 2026-06-09T21:17:22.330

Link: CVE-2026-47924

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T00:45:17Z

Weaknesses