Adobe Acrobat PDF Ext. Chrome UXSS CVE-2026-48294 (26.5.2.2)
CVE-2026-48294 Published on June 16, 2026
Adobe Acrobat PDF Extension (Chrome) versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin data disclosure vulnerability. An attacker could exploit this vulnerability to gain access to data regarding the victim's session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
Vulnerability Analysis
CVE-2026-48294 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2026-48294 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2026-48294
Want to know whenever a new CVE is published for Adobe Acrobat? stack.watch will email you.
Affected Versions
Adobe Acrobat PDF Extension (Chrome):- Before and including 26.5.2.2 is affected.