Description
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-12
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out‑of‑bounds write flaw in Adobe Acrobat Reader can enable an attacker to execute arbitrary code with the privileges of the current user. The vulnerability arises when a malformed file is processed, leading to memory corruption that an attacker may manipulate to run arbitrary instructions.

Affected Systems

Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and all earlier releases are affected. The flaw exists in the core PDF parsing and rendering engine.

Risk and Exploitability

The CVSS score is 7.8, indicating a high severity assessment. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog. Exploitation requires a victim to open a crafted PDF file, so the attack vector is user interaction with a malicious document.

Generated by OpenCVE AI on June 12, 2026 at 19:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Acrobat Reader to the latest available version or apply the Adobe security patch for APSB26‑63
  • Configure the application or network to block or quarantine suspicious PDF files until scanned
  • Enable sandboxing or restrict PDF rendering to prevent execution of untrusted content

Generated by OpenCVE AI on June 12, 2026 at 19:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe acrobat Reader
Vendors & Products Adobe
Adobe acrobat Reader

Fri, 12 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 12 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
Description Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Acrobat Reader | Out-of-bounds Write (CWE-787)
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Adobe Acrobat Reader
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-12T18:29:45.893Z

Reserved: 2026-05-20T15:50:31.364Z

Link: CVE-2026-47965

cve-icon Vulnrichment

Updated: 2026-06-12T18:29:41.717Z

cve-icon NVD

Status : Received

Published: 2026-06-12T18:16:34.913

Modified: 2026-06-12T18:16:34.913

Link: CVE-2026-47965

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-12T19:30:31Z

Weaknesses