Zero Day Monitor (ZDM)
CVE-2026-27220 · PATCHED · CVSS 7.8
adobe · acrobat_dc

Description

Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Affected Products

Vendor | Product | Versions
adobe | acrobat_dc | < 25.001.21288, < 25.001.21288, < 24.001.30356

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
adobe | acrobat_reader_dc | cve_cpe | 95%
adobe | acrobat | cve_cpe | 95%
adobe | acrobat reader dc | cert_advisory | 90%
adobe | acrobat dc | cert_advisory | 90%
apple | macos | cve_cpe | 95%

References

  • https://helpx.adobe.com/security/products/acrobat/apsb26-26.html (Vendor Advisory)

Related News (3 articles)

Tier B · JPCERT/CC
Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB26-26)
→ No new info (linked only)

Tier B · BSI Advisories · 5d ago
[UPDATE] [medium] Adobe Acrobat DC: Multiple vulnerabilities
→ No new info (linked only)

Tier B · BSI Advisories · 81d ago
[NEW] [UNPATCHED] [critical] Adobe Acrobat Reader: Vulnerability allows gaining administrator privileges
→ No new info (linked only)

CVSS 3.1: 7.8 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA KEV: ❌ No
Actively exploited: ❌ No
Patch available: 25.001.21288, 24.001.30356
CWE: CWE-416
Published: Mar 10, 2026
Last enriched: 90d ago
Tags: remote code execution, privilege escalation, information disclosure, critical
Trending Score: 20
Source articles: 3
Independent: 2
Info Completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

CRITICAL · CVE-2026-34621 · EXP · KEV
Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)
Trending: 162

CRITICAL · CVE-2026-48282 · EXP
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Trending: 60

CRITICAL · CVE-2026-48314 · EXP
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Trending: 56

HIGH · CVE-2026-48285 · EXP
ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918)
Trending: 52

CRITICAL · CVE-2026-48315 · EXP
ColdFusion | Improper Input Validation (CWE-20)
Trending: 51

Verification

State: verified
Confidence: 100%

Vulnerability Timeline

CVE Published: Mar 10, 2026
Patch Available: Mar 11, 2026
Discovered by ZDM: Apr 1, 2026