Skip to main content

Adobe Acrobat Reader CVE-2026-47952

| EUVD-2026-35821 HIGH
Heap-based Buffer Overflow (CWE-122)
2026-06-09 adobe GHSA-g56m-wmx8-g7cr
Heap Overflow Adobe Buffer Overflow RCE Acrobat Reader
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 09, 2026 - 20:51 vuln.today

DescriptionNVD

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Articles & Coverage 1

News 19 New Adobe Vulnerabilities - 3 Critical, 16 High Severity Jun 10, 2026

AnalysisAI

Heap-based buffer overflow in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier enables arbitrary code execution in the context of the logged-in user when a victim opens a maliciously crafted document. No public exploit has been identified at time of analysis, but the high CVSS of 7.8 reflects severe local impact, and Acrobat Reader's massive install base makes it a perennial phishing target. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Craft malicious PDF with heap-overflow trigger
Delivery
Deliver via phishing email or watering hole
Exploit
Victim opens file in vulnerable Reader
Install
Malformed object corrupts heap allocation
C2
Hijack control flow to attacker shellcode
Execute
Execute arbitrary code as current user
Impact
Drop loader and pivot to follow-on objectives
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires the victim to open a specially crafted PDF document in a vulnerable build of Adobe Acrobat Reader (24.001.30365 / 26.001.21651 or earlier) - the file must be processed by the affected parser code path, so simple preview thumbnails or text-only extraction may not be sufficient. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) reflects local attack vector with required user interaction but no authentication, scoring 7.8 - high impact but not critical because exploitation depends on opening a malicious file. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a malicious PDF - for example a phishing invoice or HR document - embedding a malformed object that triggers the heap overflow in Reader's parser, and delivers it via email or a watering-hole link. When the victim opens the file in a vulnerable Acrobat Reader build, the overflow corrupts heap metadata, the attacker gains arbitrary code execution as the logged-in user, and proceeds to drop a loader or stealer. …
Remediation Upgrade Adobe Acrobat Reader to a version newer than 24.001.30365 (24.x track) or 26.001.21651 (26.x track) as published in Adobe Security Bulletin APSB26-63 at https://helpx.adobe.com/security/products/acrobat/apsb26-63.html; exact fix build numbers should be taken directly from that advisory. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Inventory all systems running Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 or earlier; issue security alert to end-users restricting document opening from external or untrusted sources. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-47937 HIGH
8.2 Jun 09

Arbitrary code execution in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier occurs via an uncontrol
CVE-2026-47915 HIGH
7.8 Jun 09

Arbitrary code execution in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier results from a use-afte
CVE-2026-47916 HIGH
7.8 Jun 09

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651, and earlier) occurs when a victim
CVE-2026-47917 HIGH
7.8 Jun 09

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) is possible when a vi
CVE-2026-47918 HIGH
7.8 Jun 09

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651, and earlier) is triggered when a

Share

CVE-2026-47952 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy