CVE-2026-27221
Received Received - Intake
Improper Certificate Validation in Acrobat Reader Enables Spoofing

Publication date: 2026-03-10

Last updated on: 2026-03-11

Assigner: Adobe Systems Incorporated

Description
Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Improper Certificate Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to spoof the identity of a signer. Exploitation of this issue requires user interaction.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-10
Last Modified
2026-03-11
Generated
2026-06-16
AI Q&A
2026-03-11
EPSS Evaluated
2026-06-14
NVD
CVE-2026-27221
EUVD
EUVD-2026-10901
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
adobe acrobat_dc to 25.001.21288 (exc)
adobe acrobat_reader_dc to 25.001.21288 (exc)
adobe acrobat From 24.001.20604 (inc) to 24.001.30356 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-295 The product does not validate, or incorrectly validates, a certificate.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can impact you by allowing an attacker to spoof the identity of a signer in a document.

Such spoofing could lead to trusting forged or malicious documents, potentially causing misinformation or unauthorized actions based on the false identity.

However, exploitation requires user interaction, so the risk depends on user behavior.

Compliance Impact

I don't know

Executive Summary

This vulnerability affects certain versions of Acrobat Reader (24.001.30307, 24.001.30308, 25.001.21265 and earlier) and is caused by improper certificate validation.

Because of this flaw, an attacker could bypass security features by spoofing the identity of a signer.

Exploitation requires user interaction, meaning the user must take some action for the attack to succeed.

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27221. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart