CVE-2026-27278 – Adobe Acrobat and Reader Security Update (March 10, 2026)

Adobe released security updates on March 10, 2026, addressing multiple vulnerabilities in Adobe Acrobat and Adobe Reader for Windows and macOS. The update resolves memory management issues and signature validation weaknesses that could allow attackers to execute arbitrary code or escalate privileges if a user opens a specially crafted PDF file.

Two vulnerabilities involve use-after-free memory conditions that could enable arbitrary code execution. CVE-2026-27220 has a CVSS score of 7.8, which is High severity. CVE-2026-27278 has a CVSS score of 7.8, which is High severity. A separate issue involving improper verification of cryptographic signatures could allow privilege escalation within the application. CVE-2026-27221 has a CVSS score of 5.5, which is Medium severity.

Adobe addressed these issues in updated versions of Acrobat DC, Acrobat Reader DC, and Acrobat 2024. Successful exploitation would typically require a user to open a malicious PDF file crafted by an attacker. At the time of release, there are no verified reports of real-world exploitation.