CVE Catalog

CVE-2026-47937

HighCVSS 7.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

4th percentile - higher than 4% of all known CVEs

Summary

An Uncontrolled Search Path Element vulnerability in Acrobat Reader allows arbitrary code execution in the context of the current user. An attacker with high privileges can exploit this, requiring user interaction (opening a malicious file). The scope is changed.

Risk Assessment

The risk for the organization is the potential takeover of a user's workstation by an attacker with high privileges, leading to data theft or further network propagation.

Recommendation

Immediately update Acrobat Reader to version 24.001.30366, 26.001.21652 or later. Also restrict opening files from untrusted sources.

Original NVD description (English source)

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. An attacker with high privileges could exploit this vulnerability to execute arbitrary code. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS