CVE Catalog

CVE-2026-48294

HighCVSS 7.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.59%

44th percentile — higher than 44% of all known CVEs

Summary

Adobe Acrobat PDF Extension for Chrome versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin data disclosure vulnerability. An attacker could exploit this vulnerability to gain access to data regarding the victim's session.

Risk Assessment

The risk involves potential leakage of sensitive session data, which could lead to identity theft or unauthorized account access. Exploitation requires user interaction, but the changed scope increases the impact.

Recommendation

It is recommended to immediately update the Adobe Acrobat PDF Extension for Chrome to the latest available version. Also, instruct users to avoid clicking on suspicious links and visiting untrusted websites.

Original NVD description (English source)

Adobe Acrobat PDF Extension (Chrome) versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin data disclosure vulnerability. An attacker could exploit this vulnerability to gain access to data regarding the victim's session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS