7.7

CVE-2026-47937

Acrobat Reader | Uncontrolled Search Path Element (CWE-427)

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. An attacker with high privileges could exploit this vulnerability to execute arbitrary code. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeAcrobat Dc SwEditioncontinuous Version >= 15.008.20082 < 26.001.21662
   ApplemacOS Version-
   MicrosoftWindows Version-
AdobeAcrobat Reader Dc SwEditioncontinuous Version >= 15.008.20082 < 26.001.21662
   ApplemacOS Version-
   MicrosoftWindows Version-
AdobeAcrobat SwEditionclassic Version >= 24.0.0 < 24.001.30383
   ApplemacOS Version-
   MicrosoftWindows Version-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.047
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.7 1.1 6
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
psirt@adobe.com 7.7 1.1 6
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

https://helpx.adobe.com/security/products/acrobat/apsb26-63.html
Vendor Advisory