Severity by source
NVD (primary rating; only source for this CVE): CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description (NVD)
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Analysis (AI-generated)
Arbitrary code execution in Adobe Acrobat Reader 24.001.30365, 26.001.21651, and earlier versions occurs through a use-after-free condition triggered when a victim opens a malicious PDF file. Successful exploitation runs attacker-supplied code with the privileges of the current user, making this a viable phishing and drive-by document attack vector. …
Attack Chain (AI-derived): hypothetical attack flow derived from CVE metadata
Vulnerability Assessment (AI-generated)
| Aspect | Assessment |
|---|---|
| Exploitation | Exploitation requires the victim to open a maliciously crafted PDF document in a vulnerable Adobe Acrobat Reader build (24.001.30365, 26.001.21651, or earlier per the Adobe advisory). No authentication to any service is required of the attacker, but the social-engineering step (UI:R) and the need for the user to actually launch Reader on the file are hard prerequisites. … |
| Risk Assessment | The CVSS 3.1 vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H yields 7.8 (High): local attack vector with required user interaction, but full confidentiality, integrity and availability impact. … |
| Exploit Scenario | An attacker emails a target a PDF disguised as an invoice, contract, or shared document; when the victim opens the file in a vulnerable Acrobat Reader build, crafted objects trigger the use-after-free and execute attacker shellcode at user privileges. From there the attacker drops a loader, harvests credentials or browser cookies, and pivots to internal resources, entirely within the victim's user context and without needing privilege escalation. |
| Remediation | Apply the updates listed in Adobe security bulletin APSB26-63 (https://helpx.adobe.com/security/products/acrobat/apsb26-63.html), which supersede the vulnerable 24.001.30365 and 26.001.21651 builds; exact fix versions should be taken directly from that advisory rather than inferred. … |
Recommended Action (AI-generated)
Within 24 hours: Issue security alert to all users advising against opening PDF files from untrusted sources; enable email filtering to flag or block suspicious PDF attachments. …
EUVD-2026-35809
GHSA-xhch-6vq5-g6rw