EUVD-2026-35811
GHSA-mh5m-9j33-8rgv
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Articles & Coverage 1
AnalysisAI
Arbitrary code execution in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier occurs through a use-after-free condition triggered by opening a malicious PDF document. Successful exploitation runs code in the context of the current user, but no public exploit identified at time of analysis and the issue requires user interaction to open the crafted file.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The victim must open an attacker-supplied PDF in a vulnerable Acrobat Reader build (24.001.30365, 26.001.21651, or earlier) - the CVSS vector's UI:R and the description both confirm user interaction is mandatory, so the attack cannot fire purely from receiving or previewing a file in environments where preview is disabled. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H scores 7.8 (High) and reflects that the attack vector is local - meaning the malicious PDF must reach and be opened on the target host - and that user interaction is required. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a malicious PDF that triggers the use-after-free in Acrobat Reader's parser or JavaScript engine and delivers it via phishing email, a watering-hole download, or a shared collaboration link. When the targeted user opens the document in an unpatched Reader, the freed object is reallocated under attacker control, hijacking execution to run arbitrary code with the user's privileges - enabling credential theft, persistence, or staging for lateral movement. … |
| Remediation | Apply the patched Acrobat Reader builds listed in Adobe security bulletin APSB26-63 (https://helpx.adobe.com/security/products/acrobat/apsb26-63.html) - patch available per vendor advisory; install the fixed release on every endpoint via Adobe's auto-update, SCCM/Intune, or your endpoint management tool. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Issue user advisory to avoid opening PDFs from untrusted sources; implement email gateway controls to restrict external PDF attachments. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More from same product – last 7 days
Remote code execution in Adobe Campaign Classic (ACC) version 7.4.3 build 9394 and earlier allows unauthenticated networ
Server-side request forgery in Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier escalates to arbitrary
Unauthenticated arbitrary file upload in Amasty Order Attributes for Magento 2 before 4.0.0 lets remote attackers drop a
Arbitrary code execution in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier occurs via an uncontrol
Arbitrary code execution in Adobe Acrobat Reader 24.001.30365, 26.001.21651, and earlier versions occurs through a use-a
Share
External POC / Exploit Code
Leaving vuln.today