Description
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier contain a stack-based buffer overflow that can be triggered by a specially crafted file. The overflow allows an attacker to execute arbitrary code with the privileges of the user currently running Reader. This weakness is classified as CWE-121, a write past the bounds of a buffer in stack memory.

Affected Systems

Adobe is the vendor and Acrobat Reader is the affected product. Versions 24.001.30365, 26.001.21651 and all earlier releases are vulnerable. Systems running any of these versions should be checked against the newest update, if available.

Risk and Exploitability

The vulnerability has a CVSS score of 7.8, indicating high severity. EPSS information is not available, and the vulnerability is not listed in CISA KEV. Exploitation requires a user to open a malicious file, so an attack depends on user interaction with a crafted PDF or document. Because the flaw resides in a commonly installed application, the risk remains high and users should act promptly to mitigate.

Generated by OpenCVE AI on June 9, 2026 at 22:02 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Install the latest Adobe Acrobat Reader update that includes the fix for this vulnerability.
  • Configure Acrobat Reader to prompt users before opening files that originate from external or untrusted sources.
  • Ensure that system antivirus or endpoint protection is up to date and that file type restrictions are enforced for PDFs.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:30:00 +0000

Changes in this entry (no values removed; values added, listed by type):

  • Description: Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
  • Title: Acrobat Reader | Stack-based Buffer Overflow (CWE-121)
  • Weaknesses: CWE-121
  • References: (none listed)
  • Metrics: cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T20:01:08.118Z

Reserved: 2026-05-20T15:50:31.364Z

Link: CVE-2026-47959

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-09T21:17:24.273

Modified: 2026-06-09T21:17:24.273

Link: CVE-2026-47959

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T22:15:15Z

Weaknesses