Skip to main content

Adobe Acrobat Reader CVE-2026-47919

| EUVD-2026-35817 HIGH
Use After Free (CWE-416)
2026-06-09 adobe GHSA-77hv-x6q3-c6j4
Memory Corruption RCE Use After Free Denial Of Service Adobe Acrobat Reader
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 09, 2026 - 20:50 vuln.today

DescriptionNVD

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Articles & Coverage 1

News 19 New Adobe Vulnerabilities - 3 Critical, 16 High Severity Jun 10, 2026

AnalysisAI

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651, and earlier) is possible when a victim opens a maliciously crafted document, triggering a use-after-free condition in the renderer. The flaw runs code in the context of the current user and has no public exploit identified at time of analysis, though Adobe issued advisory APSB26-63 confirming the vulnerability class and affected versions.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Craft malicious PDF with UAF trigger
Delivery
Deliver via phishing email or web download
Exploit
Victim opens document in vulnerable Reader
Install
Trigger use-after-free in object handler
C2
Hijack control flow via reclaimed memory
Execute
Execute payload as current user
Impact
Establish persistence or pivot
Sign in to reveal

Vulnerability AssessmentAI

Exploitation The victim must open a maliciously crafted PDF file in a vulnerable Acrobat Reader build (24.001.30365, 26.001.21651, or earlier) - user interaction is required per UI:R in the CVSS vector and explicit in the description. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 7.8 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) reflects a local attack vector with required user interaction - meaning the victim must open the malicious file - rather than a remote network exploit; this is standard for client-side document parsers and limits drive-by exposure compared to server CVEs. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a malicious PDF that manipulates Acrobat Reader's object lifecycle to free an object while a pointer to it remains live, then reclaims the freed memory with attacker-controlled data via heap spraying (using JavaScript or embedded streams). The PDF is delivered via spear-phishing email or a watering-hole download; when the victim double-clicks the document, the dangling pointer is dereferenced, control flow is hijacked, and shellcode executes as the user - typically dropping a second-stage implant. …
Remediation Apply the patched build identified in Adobe Security Bulletin APSB26-63 (https://helpx.adobe.com/security/products/acrobat/apsb26-63.html) - patch available per vendor advisory; consult the bulletin for the exact fixed version numbers for the 24.x and 26.x update tracks on your platform. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

24 hours: Disable or restrict Adobe Acrobat Reader in user environments; direct employees to alternative PDF viewers (built-in browser PDF readers, free alternatives). …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-47937 HIGH
8.2 Jun 09

Arbitrary code execution in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier occurs via an uncontrol
CVE-2026-47915 HIGH
7.8 Jun 09

Arbitrary code execution in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier results from a use-afte
CVE-2026-47916 HIGH
7.8 Jun 09

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651, and earlier) occurs when a victim
CVE-2026-47917 HIGH
7.8 Jun 09

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) is possible when a vi
CVE-2026-47918 HIGH
7.8 Jun 09

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651, and earlier) is triggered when a

Share

CVE-2026-47919 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy