Description
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Adobe Acrobat Reader contains an out-of-bounds read (CWE-125) that can expose sensitive data stored in memory. The flaw causes the application to read outside the bounds of the intended buffer; it may leak private information but does not provide code execution or other privilege escalation. An attacker can obtain excerpts of memory contents only by tricking a user into opening a crafted file.

Affected Systems

Adobe Acrobat Reader releases 24.001.30365, 26.001.21651 and all earlier versions are vulnerable. Any installation of these versions that processes untrusted PDFs or other supported file types is at risk.

Risk and Exploitability

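The CVSS 3.1 base score of 5.5 places this issue in the Medium severity band. The vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) describes a local attack vector with low complexity and no privileges required, high confidentiality impact, and no integrity or availability impact. The EPSS score is not reported, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires user interaction: a victim must open a malicious document. Consequently, the likelihood of exploitation depends heavily on user behavior and the prevalence of malicious PDFs.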

Generated by OpenCVE AI on June 9, 2026 at 22:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Adobe Acrobat Reader to the latest available version that removes the out-of-bounds read flaw.
  • Configure Acrobat Reader to alert users or block opening of files whose origins are unknown or come from untrusted sources.
  • Restrict user access to unknown PDF files by applying network and file‑type filtering or by using content‑disposition controls.


Advisories

No advisories yet.

History

Wed, 10 Jun 2026 01:00:00 +0000

Values removed: none
Values added:
  • First Time appeared: Adobe; Adobe acrobat Reader
  • Vendors & Products: Adobe; Adobe acrobat Reader

Tue, 09 Jun 2026 21:30:00 +0000

Values removed: none
Values added:
  • Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 20:30:00 +0000

Values removed: none
Values added:
  • Description: Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
  • Title: Acrobat Reader | Out-of-bounds Read (CWE-125)
  • Weaknesses: CWE-125
  • References:
  • Metrics: cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T20:54:13.766Z

Reserved: 2026-05-20T15:50:31.364Z

Link: CVE-2026-47961

Vulnrichment

Updated: 2026-06-09T20:54:09.243Z

NVD

Status: Received

Published: 2026-06-09T21:17:24.540

Modified: 2026-06-09T21:17:24.540

Link: CVE-2026-47961

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T00:45:17Z

Weaknesses