Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Local file-open delivery gives AV:L and UI:R; the attacker needs no privileges on the target to trigger the flaw (PR:N); arbitrary code execution as the current user yields C:H/I:H/A:H.
Primary rating from Vendor (Adobe).
CVSS Vector (NVD)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description (NVD)
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Analysis (AI)
Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) occurs through an out-of-bounds write triggered when a victim opens a malicious PDF file. Successful exploitation runs attacker code in the context of the current user, making this a classic client-side attack suitable for phishing campaigns. …
Vulnerability Assessment (AI)

| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires the victim to open an attacker-crafted PDF file in a vulnerable Adobe Acrobat Reader build (24.001.30365, 26.001.21651, or earlier); no prior authentication or network access to the target machine is needed, since delivery occurs via the file itself. … |
| Risk Assessment | The CVSS 7.8 (AV:L/AC:L/PR:N/UI:R) reflects that exploitation is local in CVSS terms (the attacker delivers a file the victim opens), but the practical attack surface is large because PDFs are routinely received via email, web downloads, and shared drives. … |
| Exploit Scenario | An attacker emails a weaponized PDF to a target user, posing as an invoice, resume, or shared document. When the victim opens the file in a vulnerable Acrobat Reader build, the malformed object triggers the out-of-bounds write, hijacks execution flow, and runs attacker shellcode with the user's privileges, typically used to deploy a loader, infostealer, or initial-access RAT. |
| Remediation | Apply the Adobe-released update referenced in security bulletin APSB26-63 (https://helpx.adobe.com/security/products/acrobat/apsb26-63.html) to versions newer than 24.001.30365 and 26.001.21651; consult the bulletin for the exact fixed build for each track, since the description lists vulnerable versions rather than fixed ones. … |
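Because the description names the newest vulnerable build on each track rather than the fixed one, the practical first step for a defender is to sort an endpoint inventory into "at or below the listed ceiling" (patch now) and "newer than the ceiling" (verify against the bulletin). The following is an added example written for this page, not code from vuln.today, NVD or Adobe: it parses Acrobat-style `major.minor.build` strings, compares them as integer tuples against the two ceilings from the description, and flags malformed inventory rows instead of dropping them. The hostnames and builds in `SAMPLE_INVENTORY` are constructed, and the treatment of builds on a track with no listed ceiling (for example an old 23.x install) as affected when they are older than the newest ceiling is this example's reading of "and earlier", not something the page states.

```python
"""Triage an endpoint inventory against the Acrobat Reader builds the
description lists as vulnerable (24.001.30365 and 26.001.21651 and earlier).

Added example for this page; not code from vuln.today, NVD or Adobe.
"""

from __future__ import annotations

# Vulnerable ceilings per release track, taken from the description above.
# Builds at or below these are affected; anything newer must be checked
# against the fixed builds in APSB26-63, which the description does not list.
VULNERABLE_CEILINGS: dict[int, tuple[int, int, int]] = {
    24: (24, 1, 30365),
    26: (26, 1, 21651),
}

AFFECTED = "affected"
CHECK_BULLETIN = "newer-check-bulletin"
UNPARSEABLE = "unparseable"


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse a dotted Acrobat build string such as '24.001.30365'.

    The zero-padded middle component is cosmetic ('001' == 1), so the string
    is converted to a tuple of ints so that ordinary tuple ordering works.
    """
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, build = (int(p) for p in parts)
    return (major, minor, build)


def classify(version: str) -> str:
    """Return AFFECTED or CHECK_BULLETIN for one installed build."""
    v = parse_version(version)
    ceiling = VULNERABLE_CEILINGS.get(v[0])
    if ceiling is not None:
        return AFFECTED if v <= ceiling else CHECK_BULLETIN
    # Assumption (not stated on the page): a build on a track without its own
    # ceiling, e.g. an old 23.x install, is treated as affected when it is
    # older than the newest listed ceiling, following "and earlier". Builds
    # newer than every listed ceiling are left for the bulletin to decide.
    return AFFECTED if v < max(VULNERABLE_CEILINGS.values()) else CHECK_BULLETIN


def triage(inventory_lines: list[str]) -> dict[str, str]:
    """Map hostname -> status for 'hostname,version' inventory lines.

    Malformed rows are reported as UNPARSEABLE rather than silently dropped,
    so an inventory gap cannot masquerade as 'not affected'.
    """
    results: dict[str, str] = {}
    for line in inventory_lines:
        host, _, version = line.partition(",")
        host = host.strip()
        if not host:
            continue
        try:
            results[host] = classify(version)
        except ValueError:
            results[host] = UNPARSEABLE
    return results


def summarize(results: dict[str, str]) -> dict[str, int]:
    """Count hosts per status for a quick remediation overview."""
    counts: dict[str, int] = {}
    for status in results.values():
        counts[status] = counts.get(status, 0) + 1
    return counts


# Constructed sample inventory; hostnames and builds are made up for the example.
SAMPLE_INVENTORY = [
    "ws-001,24.001.30365",   # exactly the listed 24.x ceiling
    "ws-002,24.001.30366",   # one build newer: verify against the bulletin
    "ws-003,26.001.21651",   # exactly the listed 26.x ceiling
    "ws-004,26.001.21700",   # newer: verify against the bulletin
    "ws-005,23.008.20470",   # older track with no ceiling listed
    "ws-006,not-installed",  # inventory noise, must not be dropped silently
]


if __name__ == "__main__":
    report = triage(SAMPLE_INVENTORY)
    for host, status in sorted(report.items()):
        print(f"{host:8} {status}")
    print(summarize(report))
```

The comparison is deliberately one-sided: the script can prove a build is affected, but it cannot prove a newer build is fixed, because the page does not carry the fixed build numbers; those hosts stay in the `newer-check-bulletin` bucket until someone reads APSB26-63.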
Recommended Action (AI)
Within 24 hours: Issue mandatory security alert to all users advising heightened caution with PDF attachments from external senders; implement temporary email policy to flag and warn on external PDF attachments. …
External POC / Exploit Code
EUVD-2026-36510
GHSA-hqrh-5g3x-gfcm