
Adobe Acrobat Reader CVE-2026-47920

EUVD-2026-35814 · HIGH
Use After Free (CWE-416)
2026-06-09 · adobe · GHSA-r874-vvv4-pw47
CVSS 3.1 base score 7.8 (NVD)

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

1. Analysis Generated: Jun 09, 2026 - 20:48 (vuln.today)

Description (NVD)

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Analysis (AI)

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) is possible when a victim opens a maliciously crafted PDF that triggers a use-after-free condition in the parser. Exploitation runs with the privileges of the user opening the file, and no public exploit had been identified at the time of analysis. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Recon: Craft malicious PDF triggering UAF
Delivery: Deliver via phishing email or web download
Exploit: Victim opens file in vulnerable Reader
Install: Dangling pointer dereferenced on controlled heap
C2: Hijack execution via overwritten vtable
Execute: Execute payload as current user
Impact: Steal credentials and pivot

Vulnerability Assessment (AI)

Exploitation: Exploitation requires the victim to open an attacker-controlled PDF file in a vulnerable Acrobat Reader build (24.001.30365, 26.001.21651, or earlier). This is the explicit UI:R requirement in the CVSS vector and the 'victim must open a malicious file' clause in Adobe's description. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment: The CVSS vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H frames this as a local-vector bug requiring user interaction, which caps the base score at 7.8 despite full triad impact. In practice the 'local' vector is misleading, because the malicious PDF is typically delivered over the network via email or web download, with the user's double-click satisfying both the local-access and UI:R conditions. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario: An attacker emails a finance employee a PDF labelled as an invoice or wire-transfer confirmation; opening it in an unpatched Reader triggers the use-after-free, the attacker's heap-sprayed payload gains control of the freed object's vtable, and shellcode executes in the user's session to drop a loader. From there the attacker harvests browser cookies and Outlook tokens to pivot, all without any privilege escalation, since user-context access is sufficient for data theft.
Remediation: Apply the Adobe-released updates documented in security bulletin APSB26-63 at https://helpx.adobe.com/security/products/acrobat/apsb26-63.html, which supersede 24.001.30365 on the Classic track and 26.001.21651 on the Continuous track. Install the next published build for whichever track your fleet follows. … Detailed patch versions, workarounds, and compensating controls in full report.
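A defender-side triage helper for the two version ceilings quoted above, added here as an example; it is not code from vuln.today or from Adobe. It assumes that 24.x builds belong to the Classic track and every other major to the Continuous track, that version strings follow Adobe's major.minor.build layout, and it runs over a constructed sample inventory.

```python
import re

# Affected ceilings quoted in the NVD description: "24.001.30365, 26.001.21651
# and earlier" (CVE-2026-47920). Track assignment is an assumption: Adobe's
# 24.x builds are treated as the Classic track, all other majors as Continuous.
AFFECTED_CEILING = {
    "classic": (24, 1, 30365),
    "continuous": (26, 1, 21651),
}

def parse_version(text: str) -> tuple:
    """Turn an Acrobat build string such as '24.001.30365' into comparable ints."""
    m = re.fullmatch(r"(\d+)\.(\d{3})\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised Acrobat version string: {text!r}")
    return tuple(int(p) for p in m.groups())

def track_for(version: tuple) -> str:
    """Assumption: major 24 is the Classic track; everything else is Continuous."""
    return "classic" if version[0] == 24 else "continuous"

def is_affected(text: str) -> bool:
    """True when the build is at or below the affected ceiling for its track."""
    version = parse_version(text)
    return version <= AFFECTED_CEILING[track_for(version)]

def triage(inventory: dict) -> dict:
    """Map host -> 'affected' / 'patched' / 'unknown' (unparsable strings get review)."""
    verdicts = {}
    for host, reported in inventory.items():
        try:
            verdicts[host] = "affected" if is_affected(reported) else "patched"
        except ValueError:
            verdicts[host] = "unknown"
    return verdicts

# Constructed sample inventory (hostnames and builds invented for the example).
SAMPLE_INVENTORY = {
    "fin-ws-01": "24.001.30365",   # Classic, exactly the quoted ceiling
    "fin-ws-02": "24.001.30400",   # Classic, later build on the same track
    "hr-ws-07": "26.001.21651",    # Continuous, exactly the quoted ceiling
    "hr-ws-08": "26.002.20000",    # Continuous, later build
    "lab-vm-03": "not installed",  # cannot be compared, flagged for review
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host:<10} {SAMPLE_INVENTORY[host]:<14} {verdict}")
```

Feed it the version strings your software inventory already reports; hosts marked "unknown" need a manual look rather than being assumed patched.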

Recommended Action (AI)

Within 24 hours: Issue urgent security advisory prohibiting staff from opening PDFs from untrusted sources; enable email gateway warnings on all external PDF attachments. …



CVE-2026-47920 vulnerability details – vuln.today
