wid-sec-w-2026-0674 · Published 2026-03-10 · View on BSI CERT-Bund ↗

Adobe Acrobat DC: Multiple Vulnerabilities

CVSS 7.8 HIGH

Risk Summary

Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVEs (3)

CVE-2026-27220 CVE-2026-27278 CVE-2026-27221

Affected Vendors

Adobe

Affected Products (6)

Adobe · Acrobat 2024 <24.001.30356

Adobe · Acrobat 2024 24.001.30356

Adobe · Acrobat DC <25.001.21288

Adobe · Acrobat DC 25.001.21288

Adobe · Acrobat Reader DC <25.001.21288

Adobe · Acrobat Reader DC 25.001.21288

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more