Description
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a Use After Free flaw (CWE‑416) that allows an attacker to execute arbitrary code in the context of the user who opens a malicious PDF. The flaw is reached when the application accesses memory that has already been freed, and any code the attacker runs this way has the privileges of the current user. User interaction is required to trigger it.

Affected Systems

Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and all earlier releases are affected. The vulnerability is specific to the Acrobat Reader product line from Adobe.

Risk and Exploitability

The CVSS score of 7.8 is rated High, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires the victim to open a malicious file, which corresponds to the local attack vector (AV:L) and required user interaction (UI:R) in the CVSS vector. With no EPSS data available, the likelihood of current exploitation cannot be quantified, but the impact and required user action suggest a high priority for patching.

Generated by OpenCVE AI on June 9, 2026 at 21:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Adobe Acrobat Reader update that addresses the Use After Free flaw.
  • Configure Acrobat Reader to block automatic opening of PDFs from untrusted sources and disable JavaScript execution in PDF files.
  • Educate users to avoid opening unfamiliar PDF attachments and to verify digital signatures when available.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 01:00:00 +0000

Values removed: none
Values added:
  • First Time appeared: Adobe; Adobe acrobat Reader
  • Vendors & Products: Adobe; Adobe acrobat Reader

Tue, 09 Jun 2026 21:30:00 +0000

Values removed: none
Values added:
  • Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 20:30:00 +0000

Values removed: none
Values added:
  • Description: Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
  • Title: Acrobat Reader | Use After Free (CWE-416)
  • Weaknesses: CWE-416
  • References:
  • Metrics (cvssV3_1): {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T20:42:07.398Z

Reserved: 2026-05-20T15:50:31.363Z

Link: CVE-2026-47955

Vulnrichment

Updated: 2026-06-09T20:42:00.694Z

NVD

Status: Received

Published: 2026-06-09T21:17:24.023

Modified: 2026-06-09T21:17:24.023

Link: CVE-2026-47955

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T00:45:17Z

Weaknesses