CVE-2026-47924 – Acrobat Reader
“A single malicious PDF can turn a routine document review into a security event.”
Adobe released updates for Acrobat Reader to address multiple vulnerabilities affecting versions 24.001.30365, 26.001.21651, and earlier. The update resolves several memory corruption issues, including out-of-bounds write and Use After Free vulnerabilities that could result in arbitrary code execution in the context of the current user when a victim opens a malicious file. The patch also addresses information disclosure vulnerabilities and an uncontrolled search path issue that could lead to code execution.
CVE-2026-47911, CVE-2026-47912, CVE-2026-47913, CVE-2026-47915, and CVE-2026-47916 each have a CVSS score of 7.8, which is High severity. CVE-2026-47937 has a CVSS score of 7.4, which is High severity. CVE-2026-47923 and CVE-2026-47924 each have a CVSS score of 5.5, which is Medium severity.
The highest risk vulnerabilities could allow arbitrary code execution after a user opens a specially crafted PDF file. The remaining vulnerabilities could expose sensitive memory contents or enable privilege-related abuse. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed for these vulnerabilities.
Key Details
- Affected Product
- Adobe Acrobat Dc
- Attack Vector
- Local
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- Required
- CWE Classification
- CWE-416