CVE-2026-47937 – Acrobat Reader

CVSS 7.7 IMPORTANT High with EoP or RCE – Expedited Deployment

“A single malicious PDF can turn a routine document review into a security event.”

Adobe released updates for Acrobat Reader to address multiple vulnerabilities affecting versions 24.001.30365, 26.001.21651, and earlier. The update resolves several memory corruption issues, including out-of-bounds write and Use After Free vulnerabilities that could result in arbitrary code execution in the context of the current user when a victim opens a malicious file. The patch also addresses information disclosure vulnerabilities and an uncontrolled search path issue that could lead to code execution.

CVE-2026-47911, CVE-2026-47912, CVE-2026-47913, CVE-2026-47915, and CVE-2026-47916 each have a CVSS score of 7.8, which is High severity. CVE-2026-47937 has a CVSS score of 7.4, which is High severity. CVE-2026-47923 and CVE-2026-47924 each have a CVSS score of 5.5, which is Medium severity.

The highest risk vulnerabilities could allow arbitrary code execution after a user opens a specially crafted PDF file. The remaining vulnerabilities could expose sensitive memory contents or enable privilege-related abuse. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed for these vulnerabilities.

Key Details

Affected Product
Adobe Acrobat Dc
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
CWE Classification
CWE-427
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.