Description
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier contain an out‑of‑bounds read flaw that allows a malicious PDF to cause the application to read memory outside the intended bounds. This flaw can expose sensitive data such as personal information or cryptographic keys that the application holds while running. The vulnerability is classified as CWE‑125 and does not enable arbitrary code execution; it merely leaks data that could be used in broader attacks.

Affected Systems

Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and all earlier releases are impacted by this vulnerability.

Risk and Exploitability

The CVSS score of 5.5 indicates a medium severity risk; the EPSS score is unavailable, so the current exploitation probability is unknown. Exploitation requires user interaction, as the attacker must deliver a malicious PDF that the victim opens. Disclosure of memory contents could compromise confidentiality. The flaw is not listed in CISA’s KEV catalog, suggesting no known public exploitation at the time of assessment.

Generated by OpenCVE AI on June 9, 2026 at 21:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Adobe Acrobat Reader to the latest available version that includes the fix.
  • Enable the application’s sandbox and tighten security settings to quarantine JavaScript execution within PDFs.
  • Use an up‑to‑date anti‑malware engine to scan PDF files before opening them.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 21:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 20:30:00 +0000

Type | Values Removed | Values Added
Description | | Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title | | Acrobat Reader | Out-of-bounds Read (CWE-125)
Weaknesses | | CWE-125
References | |
Metrics | | cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T20:54:00.829Z

Reserved: 2026-05-20T15:50:31.361Z

Link: CVE-2026-47926

Vulnrichment

Updated: 2026-06-09T20:53:55.879Z

NVD

Status: Received

Published: 2026-06-09T21:17:22.573

Modified: 2026-06-09T21:17:22.573

Link: CVE-2026-47926

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T22:00:19Z

Weaknesses