Severity by source
CVSS vector (NVD): CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD; NVD is the only scoring source for this CVE.
Description (NVD)
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Analysis (AI-generated)
Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) is possible when a victim opens a maliciously crafted PDF that triggers a use-after-free memory corruption flaw. Code runs with the privileges of the current user. No public exploit had been identified at the time of analysis; Adobe has released APSB26-63 as the corresponding advisory.
Vulnerability Assessment (AI-generated)
| Aspect | Assessment |
|---|---|
| Exploitation | Exploitation requires the victim to open a malicious PDF in a vulnerable Acrobat Reader build (24.001.30365, 26.001.21651, or earlier); this is the explicit UI:R constraint in the CVSS vector. … |
| Risk Assessment | The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) scores 7.8 High, reflecting full CIA impact but constrained by the local attack vector and required user interaction: the user must open a malicious document. … |
| Exploit Scenario | An attacker crafts a malicious PDF that triggers the use-after-free during rendering and delivers it via spear-phishing email, watering-hole download, or a shared collaboration link. When the targeted user opens the document in a vulnerable Acrobat Reader build, the freed object is reclaimed with attacker-controlled data, hijacking execution flow and running shellcode in the user's security context, typically followed by loader/stager delivery for persistence. … |
| Remediation | Apply the updates referenced in Adobe security bulletin APSB26-63 (https://helpx.adobe.com/security/products/acrobat/apsb26-63.html), which supersedes the vulnerable 24.001.30365 and 26.001.21651 builds; administrators should consult the bulletin for the exact patched build numbers per track and platform. … |
Recommended Action (AI-generated)
24 hours: Inventory all endpoints running Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 or earlier; restrict PDF file handling in Reader where operationally feasible and implement email gateway blocking of PDF attachments from external senders. …
Related identifiers: EUVD-2026-35820, GHSA-cgvm-cjwc-rjg3