Adobe Reader


Recent Adobe Reader Security Advisories

| Advisory | Title | Published |
| --- | --- | --- |
| APSB26-63 | Security Bulletin for Adobe Acrobat and Reader | June 9, 2026 |
| APSB26-44 | Prenotification Security Advisory for Adobe Acrobat and Reader | April 14, 2026 |
| APSB26-43 | Prenotification Security Advisory for Adobe Acrobat and Reader | April 11, 2026 |
| APSB26-26 | Prenotification Security Advisory for Adobe Acrobat and Reader | March 10, 2026 |
| APSB25-119 | Prenotification Security Advisory for Adobe Acrobat and Reader | December 9, 2025 |
| APSB25-85 | Prenotification Security Advisory for Adobe Acrobat and Reader | September 9, 2025 |
| APSB25-57 | Prenotification Security Advisory for Adobe Acrobat and Reader | June 10, 2025 |
| APSB25-14 | Prenotification Security Advisory for Adobe Acrobat and Reader | March 11, 2025 |
| APSB24-92 | Prenotification Security Advisory for Adobe Acrobat and Reader | December 10, 2024 |
| APSB24-70 | Prenotification Security Advisory for Adobe Acrobat and Reader | September 10, 2024 |

Known Exploited Adobe Reader Vulnerabilities

The following Adobe Reader vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

| Title | Description | Added |
| --- | --- | --- |
| Adobe Reader Buffer Overflow Vulnerability | A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution. CVE-2013-0641 Exploit Probability: 32.4% | March 3, 2022 |

The vulnerability CVE-2013-0641: Adobe Reader Buffer Overflow Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.

By the Year

In 2026 there have been 26 vulnerabilities in Adobe Reader, with an average score of 7.3 out of ten. In 2025, Reader had 4 security vulnerabilities published, so 22 more vulnerabilities have already been reported in 2026 than in all of last year. The average CVE base score of the vulnerabilities in 2026 is also greater, by 1.71.




| Year | Vulnerabilities | Average Score |
| --- | --- | --- |
| 2026 | 26 | 7.26 |
| 2025 | 4 | 5.55 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 0.00 |

It may take a day or so for new Reader vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Adobe Reader Security Vulnerabilities

Uncontrolled Search Path Element in Adobe Acrobat Reader 24.001.30365/26.001.21651 & prior
CVE-2026-47937 7.4 - High - June 09, 2026

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

DLL preloading

Acrobat Reader UAF before 26.001.21651: Arbitrary Code Execution via malicious file
CVE-2026-47916 7.8 - High - June 09, 2026

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Use-After-Free (UAF) in Adobe Acrobat Reader <=26.001.21651
CVE-2026-47918 7.8 - High - June 09, 2026

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Acrobat Reader <24.001.30365/26.001.21651: UAF Arbitrary Exec
CVE-2026-47915 7.8 - High - June 09, 2026

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Acrobat Reader OOB Read v24-26 Disclosed
CVE-2026-47923 5.5 - Medium - June 09, 2026

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Heap-based Buffer Overflow in Acrobat Reader before 26.001.21652
CVE-2026-47952 7.8 - High - June 09, 2026

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Heap-based Buffer Overflow

Adobe Acrobat Reader UAF 24/26, Arbitrary Code Execution
CVE-2026-47917 7.8 - High - June 09, 2026

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Acrobat Reader 24.001.30365 & 26.001.21651 Use After Free RCE
CVE-2026-47955 7.8 - High - June 09, 2026

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Acrobat Reader UAF Vulnerability <26.001.21651
CVE-2026-47924 5.5 - Medium - June 09, 2026

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Adobe Acrobat Reader Use-After-Free in PDF Parser 24.x/26.x
CVE-2026-47919 7.8 - High - June 09, 2026

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Acrobat Reader 24.001.x-26.001.x OOBR memory disclosure
CVE-2026-47926 5.5 - Medium - June 09, 2026

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Acrobat Reader UAF in 24.001.30365/26.001.21651 Arbitrary Code Exec
CVE-2026-47921 7.8 - High - June 09, 2026

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Acrobat Reader < 26 UAF in PDF Parser (exploit requires user interaction)
CVE-2026-47920 7.8 - High - June 09, 2026

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Acrobat Reader OOB Read (v <24.001.30365)
CVE-2026-47961 5.5 - Medium - June 09, 2026

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Adobe Acrobat Reader UAF Before 26.001.21651
CVE-2026-47913 7.8 - High - June 09, 2026

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Use-After-Free in Adobe Acrobat Reader <26.001.21651
CVE-2026-47914 7.8 - High - June 09, 2026

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Adobe Acrobat Reader 24/26 Integer Overflow DoS (CVE-2026-47925)
CVE-2026-47925 5.5 - Medium - June 09, 2026

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Integer Overflow or Wraparound

Acrobat Reader UAF in CVE-2026-47912, before 27 code exec
CVE-2026-47912 7.8 - High - June 09, 2026

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Acrobat Reader Stack Buffer Overflow before 26.0 (Arbitrary Code Execution)
CVE-2026-47959 7.8 - High - June 09, 2026

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Stack Overflow

Acrobat Reader OOB Write CVE-2026-47911 Before 26.001.21651
CVE-2026-47911 7.8 - High - June 09, 2026

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Acrobat Reader <26.001.21411 Prototype Pollution Code Exec
CVE-2026-34622 8.6 - High - April 14, 2026

Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Prototype Pollution

Acrobat Reader <=26.0 Prototype Pollution Arbitrary FS Read
CVE-2026-34626 6.3 - Medium - April 14, 2026

Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary file system read in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Prototype Pollution

Acrobat Reader 24/26 Prototype Pollution Arbitrary Code Execution
CVE-2026-34621 8.6 - High - April 11, 2026

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Prototype Pollution

Acrobat Reader Improper Cert Validation v24.001.30307-v25.001.21265
CVE-2026-27221 5.5 - Medium - March 10, 2026

Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Improper Certificate Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to spoof the identity of a signer. Exploitation of this issue requires user interaction.

Improper Certificate Validation

Adobe Acrobat Reader UAF in v24.001.30307-25.001.21265
CVE-2026-27278 7.8 - High - March 10, 2026

Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Adobe Acrobat Reader Use-After-Free CVE-2026-27220 (v24.001.30307-25.001.21265)
CVE-2026-27220 7.8 - High - March 10, 2026

Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Acrobat Reader OOB Read before 25.001.20982: PDF Parser Vulnerability
CVE-2025-64899 7.8 - High - December 09, 2025

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Acrobat Reader Untrusted Search Path before 25.001.20982
CVE-2025-64785 7.8 - High - December 09, 2025

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that the user needs to open a malicious file.

Untrusted Path

Acrobat Reader 25.001.20982 Improper Signature Verify - Write Access Bypass
CVE-2025-64786 3.3 - Low - December 09, 2025

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain limited unauthorized write access. Exploitation of this issue requires user interaction with a cryptographic signature.

Improper Verification of Cryptographic Signature

Acrobat Reader Improper Crypto Signature Verification V<25.001.20983
CVE-2025-64787 3.3 - Low - December 09, 2025

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass cryptographic protections and gain limited unauthorized write access. Exploitation of this issue requires user interaction with a cryptographic signature.

Improper Verification of Cryptographic Signature

Adobe Reader Mobile versions 20.0.1 and earlier have a directory traversal vulnerability
CVE-2020-9663 - July 22, 2020

Adobe Reader Mobile versions 20.0.1 and earlier have a directory traversal vulnerability. Successful exploitation could lead to information disclosure.

Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file
CVE-2011-0611 8.8 - High - April 13, 2011

Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.

Object Type Confusion
