Skip to main content

Adobe Acrobat Reader CVE-2026-47959

| EUVD-2026-35808 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-06-09 adobe GHSA-q448-g337-rv32
Adobe Stack Overflow Buffer Overflow RCE Acrobat Reader
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 09, 2026 - 20:46 vuln.today

DescriptionNVD

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Articles & Coverage 1

News 19 New Adobe Vulnerabilities - 3 Critical, 16 High Severity Jun 10, 2026

AnalysisAI

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) occurs via a stack-based buffer overflow triggered when a victim opens a malicious PDF. Successful exploitation runs attacker code in the context of the current user, making this a viable initial-access vector through phishing or drive-by document delivery. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Craft malicious PDF with overflow trigger
Delivery
Deliver via phishing email or web download
Exploit
Victim opens PDF in vulnerable Reader
Install
Stack buffer overflow corrupts return address
C2
Hijacked control flow executes shellcode
Execute
Payload runs as current user
Impact
Establish persistence and C2
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires the victim to open a maliciously crafted PDF file in a vulnerable Adobe Acrobat Reader build at or below 24.001.30365 (Classic 2024 track) or 26.001.21651 (Continuous 2026 track) on Windows or macOS; per CVSS UI:R this user interaction is mandatory and there is no documented network-reachable or service-side trigger. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H yields 7.8 (High): local attack vector reflects that exploitation requires the victim to open a file locally, but PR:N and the C/I/A:H impacts confirm full user-context compromise with no prior authentication. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker emails a weaponized PDF to a target - for example as a fake invoice, resume, or shipping notice - and the victim double-clicks it, causing Acrobat Reader to parse a crafted object that overflows a stack buffer and hijacks control flow to attacker shellcode. The payload then executes as the logged-in user, typically dropping a loader, stealing browser credentials, or establishing C2 for follow-on intrusion.
Remediation Apply Adobe's vendor-released patch as documented in APSB26-63 (https://helpx.adobe.com/security/products/acrobat/apsb26-63.html) by upgrading Acrobat Reader to the post-24.001.30365 / post-26.001.21651 builds Adobe lists for each track; exact fix versions should be taken directly from that advisory. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Inventory all Acrobat Reader installations (versions ≤24.001.30365 and ≤26.001.21651); block external PDF attachments in email gateways and disable opening PDFs from untrusted email sources. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-47937 HIGH
8.2 Jun 09

Arbitrary code execution in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier occurs via an uncontrol
CVE-2026-47915 HIGH
7.8 Jun 09

Arbitrary code execution in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier results from a use-afte
CVE-2026-47916 HIGH
7.8 Jun 09

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651, and earlier) occurs when a victim
CVE-2026-47917 HIGH
7.8 Jun 09

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) is possible when a vi
CVE-2026-47918 HIGH
7.8 Jun 09

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651, and earlier) is triggered when a

Share

CVE-2026-47959 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy