7.7
CVE-2026-47937
- EPSS 0.15%
- Veröffentlicht 09.06.2026 20:05:51
- Zuletzt bearbeitet 29.06.2026 14:19:57
- Quelle psirt@adobe.com
- CVE-Watchlists
- Unerledigt
Acrobat Reader | Uncontrolled Search Path Element (CWE-427)
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. An attacker with high privileges could exploit this vulnerability to execute arbitrary code. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Adobe ≫ Acrobat Dc SwEditioncontinuous Version >= 15.008.20082 < 26.001.21662
Adobe ≫ Acrobat Reader Dc SwEditioncontinuous Version >= 15.008.20082 < 26.001.21662
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.047 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.7 | 1.1 | 6 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
|
| psirt@adobe.com | 7.7 | 1.1 | 6 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
|
CWE-427 Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
https://helpx.adobe.com/security/products/acrobat/apsb26-63.html