Acrobat Reader Improper Cert Validation v24.001.30307-v25.001.21265
CVE-2026-27221 Published on March 10, 2026
Acrobat Reader | Improper Certificate Validation (CWE-295)
Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Improper Certificate Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to spoof the identity of a signer. Exploitation of this issue requires user interaction.
Vulnerability Analysis
CVE-2026-27221 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Weakness Type
Improper Certificate Validation
The software does not validate, or incorrectly validates, a certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host.
Products Associated with CVE-2026-27221
stack.watch emails you whenever new vulnerabilities are published in Adobe Acrobat or Adobe Reader. Just hit a watch button to start following.
Affected Versions
Adobe Acrobat Reader:- Before and including 25.001.21265 is affected.