Skip to main content

Acrobat Dc CVE-2026-27221

MEDIUM
Improper Certificate Validation (CWE-295)
2026-03-10 psirt@adobe.com
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Mar 10, 2026 - 22:16 nvd
MEDIUM 5.5

DescriptionCVE.org

Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Improper Certificate Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to spoof the identity of a signer. Exploitation of this issue requires user interaction.

AnalysisAI

Improper certificate validation in Adobe Acrobat Reader DC versions 24.001.30307 and earlier allows local attackers to forge digital signatures by spoofing signer identity, bypassing security features that users rely on for document verification. This attack requires user interaction and affects multiple Adobe products including Acrobat DC. No patch is currently available.

Technical ContextAI

Classified as CWE-295 (Improper Certificate Validation). Affects Acrobat Dc. Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Improper Certificate Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to spoof the identity of a signer. Exploitation of this issue requires user interaction.

RemediationAI

Monitor vendor advisories for a patch.

CVE-2016-4203 CRITICAL POC
9.8 Jul 13

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acro

CVE-2015-7622 CRITICAL POC
10.0 Oct 14

Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.

CVE-2016-4208 CRITICAL POC
9.8 Jul 13

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acro

CVE-2016-4207 CRITICAL POC
9.8 Jul 13

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acro

CVE-2016-4206 CRITICAL POC
9.8 Jul 13

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acro

CVE-2016-4205 CRITICAL POC
9.8 Jul 13

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acro

CVE-2016-4204 CRITICAL POC
9.8 Jul 13

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acro

CVE-2016-4201 CRITICAL POC
9.8 Jul 13

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acro

CVE-2016-1077 CRITICAL POC
9.8 May 11

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acro

CVE-2017-16385 HIGH
8.8 Dec 09

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier ver

CVE-2017-16396 HIGH
8.8 Dec 09

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier ver

CVE-2017-16395 HIGH
8.8 Dec 09

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier ver

Share

CVE-2026-27221 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy