How is CVE-2026-47911 exploited?

Network reachability (not-required): The attacker needs an existing shell or process on the host; no network-facing service exposure is required to trigger this vulnerability. Authentication (not-required): No account credentials or prior authentication are needed to deliver or trigger the malicious file. Victim interaction (required): The victim must open a attacker-supplied malicious file, making social engineering (phishing, malicious email attachment, or poisoned download) the primary delivery vector. Attack complexity (info): The exploit is reliable and condition-free once the victim opens the file; no race conditions, memory-layout dependencies, or environmental prerequisites are noted in the CVSS vector.

What is the impact of CVE-2026-47911?

Executes arbitrary code as the logged-in user, giving the attacker full control over any files, processes, and credentials accessible to that account. Reads sensitive documents, stored credentials, and session tokens present in the user profile or mounted network shares. Writes or overwrites files on disk, including application binaries and configuration files reachable by the current user. Crashes or terminates the Acrobat Reader process and any dependent workflows, disrupting document-processing pipelines.

Back to search

HIGHCVE-2026-47911Published 2026-06-09Modified 2026-06-10CNA adobe

CVE-2026-47911: Acrobat Reader | Out-of-bounds Write (CWE-787)

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS v3.1: 7.8
Severity: HIGH
Fixed in: —
Affected Products: 1

HarborGuard Analysis

Synopsis

An out-of-bounds write vulnerability affects Adobe Acrobat Reader versions 26.001.21651 and earlier (including 24.001.30365 and earlier on the 24.x branch). The vulnerability is triggered locally when a user opens a specially crafted file, requiring no prior authentication but needing the victim to open the malicious document. Successful exploitation gives an attacker arbitrary code execution running as the current user, enabling full control over files and processes accessible to that account. No patched version has been published yet; HarborGuard tracks this advisory and will make a rebuilt image available as soon as Adobe releases a fix.

HarborGuard Coverage

Detection

Detection for CVE-2026-47911 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream advisory feeds, including custom-built images that bundle Acrobat Reader. Any image in a connected registry or CI pipeline containing an affected Reader version is flagged automatically.

Available

Triage

HarborGuard is capable of scoring this CVE at its published CVSS 3.1 severity of 7.8 (HIGH) and weighting that score against each environment's compliance policy to determine escalation priority. Triage routing can direct findings to the appropriate team inbox within each customer organization based on configured ownership rules.

Available

Patch

Because no fix version has been published by Adobe, HarborGuard re-checks this advisory on every ingest cycle and will make a patched-image rebuild available the moment an upstream fix is released. In the interim, customers can apply compensating controls such as network-policy isolation or process-level restrictions through HarborGuard's policy engine to reduce exposure.

Pending upstream

Exploit Conditions

Network reachabilityNot required
The attacker needs an existing shell or process on the host; no network-facing service exposure is required to trigger this vulnerability.
AuthenticationNot required
No account credentials or prior authentication are needed to deliver or trigger the malicious file.
Victim interactionRequired
The victim must open a attacker-supplied malicious file, making social engineering (phishing, malicious email attachment, or poisoned download) the primary delivery vector.
Attack complexityDetail
The exploit is reliable and condition-free once the victim opens the file; no race conditions, memory-layout dependencies, or environmental prerequisites are noted in the CVSS vector.

Blast Radius

Executes arbitrary code as the logged-in user, giving the attacker full control over any files, processes, and credentials accessible to that account.
Reads sensitive documents, stored credentials, and session tokens present in the user profile or mounted network shares.
Writes or overwrites files on disk, including application binaries and configuration files reachable by the current user.
Crashes or terminates the Acrobat Reader process and any dependent workflows, disrupting document-processing pipelines.

How HarborGuard Handles This

Available on HarborGuard: continuous monitoring of the Adobe advisory for CVE-2026-47911 on every ingest cycle, with automatic re-evaluation of all affected images as soon as Adobe publishes a fix. Because no upstream patch exists today, customers are encouraged to apply compensating controls within their HarborGuard policy configuration, including restricting container images that bundle Acrobat Reader from processing untrusted document inputs, applying egress-filtering rules to limit what a compromised process can reach, and flagging any pipeline stage that delivers user-supplied files to a Reader-based service for additional review. For customers with auto-remediation enabled, a patched-image rebuild, regression-test run, and PR opened against affected workloads will be triggered automatically the moment a fix version is published upstream, with median time from CVE patch publication to merged PR around 90 minutes for HIGH-severity issues in environments with auto-remediation active.

See how HarborGuard automates this

Affected packages

Adobe / Acrobat Reader
≤ 26.001.21651

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

helpx.adobe.com

Metrics

Get notified