Description
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
Published: 2026-06-09
Score: 7.4 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Acrobat Reader versions 24.001.30365, 26.001.21651, and earlier contain an uncontrolled search path element vulnerability that can allow an attacker to cause arbitrary code execution when a user opens a malicious file. The flaw involves a flaw in how Acrobat builds its execution paths, leading to a change in scope and granting the attacker the same privileges as the current user. The weakness is a classic example of CWE‑427.

Affected Systems

The affected product is Adobe Acrobat Reader for all operating systems that shipped the specified versions. Users running any of the listed release numbers, or earlier releases that share the same code base, are at risk until they upgrade to a patched revision provided by Adobe.

Risk and Exploitability

This vulnerability has a CVSS score of 7.4 and is not listed in the CISA KEV catalog. No EPSS score is available, indicating the exploit probability is not quantified. Because the exploit requires user interaction to open a malicious file, it is an exploitation scenario that relies on social engineering or phishing. Nevertheless, once the vulnerability is triggered, the attacker can execute arbitrary code with the victim's user rights, potentially escalating privileges if the victim has administrative rights. The absence of a KEV listing does not negate the need to patch promptly, as the CVSS score signals a substantial risk.

Generated by OpenCVE AI on June 9, 2026 at 21:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Adobe Acrobat Reader update that addresses CVE-2026-47937
  • Configure the operating system to restrict write access to Acrobat's installation directory, preventing unauthorized changes to executable paths
  • Enforce least‑privilege user accounts for file viewer applications and implement policy to disallow automatic execution of PDF files from untrusted sources
  • Regularly check Adobe’s security advisories and apply patches as they are released

Generated by OpenCVE AI on June 9, 2026 at 21:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 01:30:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe acrobat Reader
Vendors & Products Adobe
Adobe acrobat Reader

Tue, 09 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Description Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
Title Acrobat Reader | Uncontrolled Search Path Element (CWE-427)
Weaknesses CWE-427
References
Metrics cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N'}

Subscriptions

Adobe Acrobat Reader
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T20:05:51.744Z

Reserved: 2026-05-20T15:50:31.362Z

Link: CVE-2026-47937

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-09T21:17:23.463

Modified: 2026-06-09T21:17:23.463

Link: CVE-2026-47937

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T01:15:18Z

Weaknesses