CVE-2026-48294
HighCVSS 7.4Exploitation Probability (EPSS)
Low risk44th percentile — higher than 44% of all known CVEs
Summary
Adobe Acrobat PDF Extension for Chrome versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin data disclosure vulnerability. An attacker could exploit this vulnerability to gain access to data regarding the victim's session.
Risk Assessment
The risk involves potential leakage of sensitive session data, which could lead to identity theft or unauthorized account access. Exploitation requires user interaction, but the changed scope increases the impact.
Recommendation
It is recommended to immediately update the Adobe Acrobat PDF Extension for Chrome to the latest available version. Also, instruct users to avoid clicking on suspicious links and visiting untrusted websites.
Original NVD description (English source)
Adobe Acrobat PDF Extension (Chrome) versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin data disclosure vulnerability. An attacker could exploit this vulnerability to gain access to data regarding the victim's session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.

