Uncontrolled Search Path Element in Acrobat Reader by Adobe
CVE-2026-47937

7.7HIGH

Key Information:

Vendor

Adobe

Vendor
CVE Published:
9 June 2026

What is CVE-2026-47937?

Adobe Acrobat Reader is affected by an Uncontrolled Search Path Element vulnerability that may allow an attacker to execute arbitrary code within the context of the current user. Exploitation necessitates user intervention, as it requires the user to open a specially crafted malicious file. This elevates the risk to users who may inadvertently expose themselves to malicious content, particularly when handling files from untrusted sources.

Affected Version(s)

Acrobat Reader 0 <= 26.001.21651

References

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.