Description
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Adobe Acrobat Reader versions 24.001.30365, 26.001.21651, and earlier contain a heap-based buffer overflow (CWE‑122) that can lead to arbitrary code execution. Successful exploitation can compromise the confidentiality, integrity, and availability of the victim’s system. Exploitation requires the current user to open a specially crafted PDF file, so the primary impact is local to the user’s session.

Affected Systems

Adobe Acrobat Reader, specifically the versions listed above. Any installation of Acrobat Reader on these or earlier releases is affected.

Risk and Exploitability

The CVSS score of 7.8 is rated High. No EPSS score is available, so the likelihood of exploitation cannot be quantified. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is social engineering, in which the victim is persuaded to open a malicious PDF file. If the victim opens such a file, an attacker could run arbitrary code with the victim’s privileges. No public exploit is currently documented, but the presence of the vulnerability warrants caution.

Generated by OpenCVE AI on June 9, 2026 at 21:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Adobe Acrobat Reader version that includes the fix for CVE‑2026‑47952.
  • Enable Adobe Reader’s sandboxing features and disable JavaScript or other potentially dangerous content in PDF files.
  • Avoid opening PDF files from untrusted or unknown sources until they have been verified or scanned.


Advisories

No advisories yet.

History

Wed, 10 Jun 2026 01:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Adobe; Adobe acrobat Reader
Vendors & Products | | Adobe; Adobe acrobat Reader

Tue, 09 Jun 2026 20:30:00 +0000

Type | Values Removed | Values Added
Description | | Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title | | Acrobat Reader \| Heap-based Buffer Overflow (CWE-122)
Weaknesses | | CWE-122
References | |
Metrics | | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T20:01:19.556Z

Reserved: 2026-05-20T15:50:31.363Z

Link: CVE-2026-47952

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-09T21:17:23.883

Modified: 2026-06-09T21:17:23.883

Link: CVE-2026-47952

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T00:45:17Z

Weaknesses