SB2026060956 - Multiple vulnerabilities in Adobe Acrobat and Reader




Published: June 9, 2026

Security Bulletin ID: SB2026060956
CSH Severity: High
Patch available: YES
Number of vulnerabilities: 20
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 75%, Medium: 25%

Description

This security bulletin contains information about 20 vulnerabilities.


1) Stack-based buffer overflow (CVE-ID: CVE-2026-47959)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to stack-based buffer overflow in Adobe Acrobat and Reader when parsing a crafted file. A remote attacker can trick the victim into opening a specially crafted file to execute arbitrary code.

User interaction is required to open a crafted file.


2) Use-after-free (CVE-ID: CVE-2026-47955)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Adobe Acrobat and Reader when parsing a crafted file. A remote attacker can trick the victim into opening a specially crafted file to execute arbitrary code.

User interaction is required to open a crafted file.


3) Out-of-bounds read (CVE-ID: CVE-2026-47926)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to out-of-bounds read in Adobe Acrobat and Reader when parsing a crafted file. A remote attacker can trick the victim into opening a specially crafted file to disclose sensitive information.

User interaction is required to open a crafted file.


4) Integer overflow (CVE-ID: CVE-2026-47925)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to integer overflow or wraparound in Adobe Acrobat and Reader when parsing a crafted file. A remote attacker can trick the victim into opening a specially crafted file to cause a denial of service.

User interaction is required to open a crafted file.


5) Use-after-free (CVE-ID: CVE-2026-47924)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to use-after-free in Adobe Acrobat and Reader when parsing a crafted file. A remote attacker can trick the victim into opening a specially crafted file to disclose sensitive information.

User interaction is required to open a crafted file.


6) Out-of-bounds read (CVE-ID: CVE-2026-47923)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to out-of-bounds read in Adobe Acrobat and Reader when parsing a crafted file. A remote attacker can trick the victim into opening a specially crafted file to disclose sensitive information.

User interaction is required to open a crafted file.


7) Out-of-bounds read (CVE-ID: CVE-2026-47961)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to out-of-bounds read in Adobe Acrobat and Reader when parsing a crafted file. A remote attacker can trick the victim into opening a specially crafted file to disclose sensitive information.

User interaction is required to open a crafted file.


8) Insecure DLL loading (CVE-ID: CVE-2026-47937)

CWE-ID: CWE-427 - Uncontrolled Search Path Element

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to uncontrolled search path element in Adobe Acrobat and Reader when loading resources from the search path. A local privileged user can place a malicious file in a searched location to execute arbitrary code.

User interaction is required to open a crafted file.


9) Heap-based buffer overflow (CVE-ID: CVE-2026-47952)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in Adobe Acrobat and Reader when parsing a crafted file. A remote attacker can trick the victim into opening a specially crafted file to execute arbitrary code.

User interaction is required to open a crafted file.


10) Out-of-bounds write (CVE-ID: CVE-2026-47911)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to out-of-bounds write in Adobe Acrobat and Reader when parsing a crafted file. A remote attacker can trick the victim into opening a specially crafted file to execute arbitrary code.

User interaction is required to open a crafted file.


11) Use-after-free (CVE-ID: CVE-2026-47921)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Adobe Acrobat and Reader when parsing a crafted file. A remote attacker can trick the victim into opening a specially crafted file to execute arbitrary code.

User interaction is required to open a crafted file.


12) Use-after-free (CVE-ID: CVE-2026-47920)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Adobe Acrobat and Reader when parsing a crafted file. A remote attacker can trick the victim into opening a specially crafted file to execute arbitrary code.

User interaction is required to open a crafted file.


13) Use-after-free (CVE-ID: CVE-2026-47919)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Adobe Acrobat and Reader when parsing a crafted file. A remote attacker can trick the victim into opening a specially crafted file to execute arbitrary code.

User interaction is required to open a crafted file.


14) Use-after-free (CVE-ID: CVE-2026-47918)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Adobe Acrobat and Reader when parsing a crafted file. A remote attacker can trick the victim into opening a specially crafted file to execute arbitrary code.

User interaction is required to open a crafted file.


15) Use-after-free (CVE-ID: CVE-2026-47917)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Adobe Acrobat and Reader when parsing a crafted file. A remote attacker can trick the victim into opening a specially crafted file to execute arbitrary code.

User interaction is required to open a crafted file.


16) Use-after-free (CVE-ID: CVE-2026-47916)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Adobe Acrobat and Reader when parsing a crafted file. A remote attacker can trick the victim into opening a specially crafted file to execute arbitrary code.

User interaction is required to open a crafted file.


17) Use-after-free (CVE-ID: CVE-2026-47915)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Adobe Acrobat and Reader when parsing a crafted file. A remote attacker can trick the victim into opening a specially crafted file to execute arbitrary code.

User interaction is required to open a crafted file.


18) Use-after-free (CVE-ID: CVE-2026-47914)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Adobe Acrobat and Reader when parsing a crafted file. A remote attacker can trick the victim into opening a specially crafted file to execute arbitrary code.

User interaction is required to open a crafted file.


19) Use-after-free (CVE-ID: CVE-2026-47913)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Adobe Acrobat and Reader when parsing a crafted file. A remote attacker can trick the victim into opening a specially crafted file to execute arbitrary code.

User interaction is required to open a crafted file.


20) Use-after-free (CVE-ID: CVE-2026-47912)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Adobe Acrobat and Reader when parsing a crafted file. A remote attacker can trick the victim into opening a specially crafted file to execute arbitrary code.

User interaction is required to open a crafted file.


Remediation

Install the update from the vendor's website.