Skip to main content

Adobe Acrobat Reader CVE-2026-47955

| EUVD-2026-35819 HIGH
Use After Free (CWE-416)
2026-06-09 adobe GHSA-7v9g-2jg3-77x9
Memory Corruption RCE Use After Free Denial Of Service Adobe Acrobat Reader
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 09, 2026 - 20:50 vuln.today

DescriptionNVD

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Articles & Coverage 1

News 19 New Adobe Vulnerabilities - 3 Critical, 16 High Severity Jun 10, 2026

AnalysisAI

Arbitrary code execution in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier is possible when a victim opens a maliciously crafted file that triggers a use-after-free in the document parser. The flaw runs code in the context of the logged-in user and carries a CVSS 7.8 (High) score, but requires user interaction; no public exploit identified at time of analysis and EPSS data is not provided in the input.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Craft malicious PDF triggering UAF
Delivery
Deliver via phishing email or web
Exploit
Victim opens file in vulnerable Reader
Install
Freed object reused with attacker data
C2
Hijack control flow in Reader process
Execute
Execute payload as current user
Impact
Establish foothold or steal data
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires (1) the victim to be running Adobe Acrobat Reader at or below version 24.001.30365 (24.x branch) or 26.001.21651 (26.x branch), and (2) the victim to open an attacker-supplied malicious PDF - opening is the trigger, per the description's 'a victim must open a malicious file' clause and the CVSS UI:R flag. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H reflects a local attack vector requiring user interaction - meaning the malicious file must reach the user (email, web download, USB) and be opened, which lowers exposure compared to network-reachable RCE. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a malicious PDF containing objects designed to trigger the use-after-free in Reader's parser and emails it to a target as an invoice, resume, or contract. When the victim opens the document in a vulnerable Reader build, the freed memory is reclaimed by attacker-controlled data, hijacking execution and running a payload (loader, info-stealer, or backdoor) with the user's privileges. …
Remediation Apply the Adobe-released patch by upgrading Acrobat Reader to a version newer than 24.001.30365 on the 24.x branch or newer than 26.001.21651 on the 26.x branch, per Adobe Security Bulletin APSB26-63 (https://helpx.adobe.com/security/products/acrobat/apsb26-63.html); the bulletin lists the exact fixed builds for each track and platform. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Disable JavaScript execution in Adobe Acrobat Reader (Edit > Preferences > JavaScript > General Settings) across all deployed instances and issue mandatory user guidance prohibiting PDF opening from untrusted sources. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-47937 HIGH
8.2 Jun 09

Arbitrary code execution in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier occurs via an uncontrol
CVE-2026-47915 HIGH
7.8 Jun 09

Arbitrary code execution in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier results from a use-afte
CVE-2026-47916 HIGH
7.8 Jun 09

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651, and earlier) occurs when a victim
CVE-2026-47917 HIGH
7.8 Jun 09

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) is possible when a vi
CVE-2026-47918 HIGH
7.8 Jun 09

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651, and earlier) is triggered when a

Share

CVE-2026-47955 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy