Cross-Origin Data Disclosure Vulnerability in Adobe Acrobat PDF Extension for Chrome
CVE-2026-48294

7.4HIGH

Key Information:

Vendor: Adobe
Status: Adobe Acrobat PDF Extension (chrome)
Vendor: CVE Published:; 16 June 2026

What is CVE-2026-48294?

An identified vulnerability in the Adobe Acrobat PDF Extension for Chrome allows for cross-origin data disclosure by enabling unauthorized access to session information. This flaw can be exploited when a user interacts with a specially crafted malicious URL or website, potentially leading to the exposure of sensitive data related to the user's session. Users are advised to remain vigilant and avoid clicking on unknown links or visiting suspicious websites to mitigate potential risks.

Affected Version(s)

Adobe Acrobat PDF Extension (Chrome) 0 <= 26.5.2.2

References

https://chromewebstore.google.com/detail/adobe-acrobat-pd...

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
May 21, 2026

CVE-2026-48294 Data

JSON