CVE-2026-47914

Analyzed Analyzed - Analysis Complete

Use After Free in Adobe Acrobat Reader

Publication date: 2026-06-09

Last updated on: 2026-06-11

Assigner: Adobe Systems Incorporated

Description

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-09

Last Modified

2026-06-11

Generated

2026-06-30

AI Q&A

2026-06-10

EPSS Evaluated

2026-06-28

NVD

CVE-2026-47914

Affected Vendors & Products

Vendor	Product	Version / Range
adobe	acrobat	to 26.001.21662 (exc)
adobe	acrobat	to 24.001.30383 (exc)
adobe	acrobat_reader	to 26.001.21662 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-416	The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Attack-Flow Graph

Executive Summary

This vulnerability is a Use After Free issue found in certain versions of Acrobat Reader (24.001.30365, 26.001.21651 and earlier). It occurs when the program tries to use memory after it has been freed, which can lead to unexpected behavior.

If exploited, this vulnerability could allow an attacker to execute arbitrary code with the privileges of the current user.

Exploitation requires user interaction, meaning the victim must open a specially crafted malicious file to trigger the vulnerability.

Impact Analysis

If exploited, this vulnerability can lead to arbitrary code execution in the context of the current user.

This means an attacker could potentially run malicious code, steal data, install malware, or take control of the affected system with the same permissions as the user who opened the malicious file.

Since exploitation requires user interaction, the risk depends on whether a user opens a malicious file.

Mitigation Strategies

To mitigate this vulnerability, ensure that users do not open malicious files that could trigger the Use After Free vulnerability in affected Acrobat Reader versions.

Additionally, update Acrobat Reader to a version later than 24.001.30365 or 26.001.21651, as these versions and earlier are affected.

Since exploitation requires user interaction, educating users about the risks of opening suspicious files can also help reduce exposure.

Hi! I’m here to help you understand CVE-2026-47914. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70