CVE-2026-47924

Analyzed Analyzed - Analysis Complete

Use After Free in Adobe Acrobat Reader

Publication date: 2026-06-09

Last updated on: 2026-06-12

Assigner: Adobe Systems Incorporated

Description

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-09

Last Modified

2026-06-12

Generated

2026-06-30

AI Q&A

2026-06-10

EPSS Evaluated

2026-06-28

NVD

CVE-2026-47924

Affected Vendors & Products

Vendor	Product	Version / Range
adobe	acrobat_dc	From 15.008.20082 (inc) to 26.001.21662 (exc)
adobe	acrobat_reader_dc	From 15.008.20082 (inc) to 26.001.21662 (exc)
adobe	acrobat	From 24.0.0 (inc) to 24.001.30383 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-416	The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Attack-Flow Graph

Mitigation Strategies

To mitigate this vulnerability, ensure that users do not open malicious files that could trigger the Use After Free vulnerability in affected Acrobat Reader versions.

Additionally, update Acrobat Reader to a version later than 24.001.30365 or 26.001.21651, as these versions and earlier are affected.

Since exploitation requires user interaction, educating users about the risks of opening suspicious files can also help reduce exposure.

Executive Summary

This vulnerability is a Use After Free issue in Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier. It occurs when the program accesses memory that has already been freed, which can lead to the disclosure of sensitive information stored in memory.

An attacker can exploit this vulnerability by tricking a user into opening a malicious file, which then triggers the vulnerability and allows the attacker to access sensitive memory data.

Impact Analysis

The primary impact of this vulnerability is the potential disclosure of sensitive information from the affected system's memory.

Since exploitation requires user interaction (opening a malicious file), the risk depends on user behavior and exposure to malicious files.

The vulnerability does not affect integrity or availability, but the confidentiality of sensitive data could be compromised.

Compliance Impact

This vulnerability in Acrobat Reader could lead to the disclosure of sensitive information due to a Use After Free flaw. Such unauthorized disclosure of sensitive data may impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information.

However, exploitation requires user interaction, specifically opening a malicious file, which may influence the risk assessment and mitigation strategies under these standards.

Hi! I’m here to help you understand CVE-2026-47924. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70