Adobe Acrobat Reader DC Use-After-Free Vulnerability (CVE-2026-27278) Allows Remote Code Execution
A use-after-free vulnerability in Adobe Acrobat Reader DC's Field signatureInfo component, tracked as CVE-2026-27278 with a CVSS score of 7.8, could allow remote attackers to execute arbitrary code by tricking users into opening a malicious file or visiting a malicious page.

Adobe has patched a critical use-after-free vulnerability in Acrobat Reader DC that could allow remote code execution. The flaw, disclosed by the Zero Day Initiative (ZDI) as ZDI-26-361 and tracked as CVE-2026-27278, carries a CVSS score of 7.8 and affects the Field signatureInfo component of the popular PDF reader.
The vulnerability stems from a failure to validate that an object exists before performing operations on it. Specifically, the issue resides in how Acrobat Reader DC handles Field objects during signature information processing. An attacker can exploit this by crafting a malicious PDF file or web page that triggers the use-after-free condition when the victim opens it with a vulnerable version of the software.
Successful exploitation requires user interaction — the target must open a malicious file or visit a malicious page. Once triggered, the vulnerability grants the attacker code execution in the context of the current user. This makes it a significant threat, especially in enterprise environments where users routinely open PDF attachments or browse untrusted content.
Adobe has released a security update to address this flaw, detailed in advisory APSB26-26. Users are strongly urged to update their Acrobat Reader DC installations immediately. The patch was coordinated through ZDI's disclosure process, with the researcher Mark Vincent Yason (markyason.github.io) credited for reporting the vulnerability.
This vulnerability adds to a growing list of use-after-free bugs in widely deployed software. While Adobe has a history of patching such issues in Acrobat Reader, the prevalence of the software means unpatched systems remain attractive targets for attackers seeking initial access or code execution in phishing campaigns.
Organizations should prioritize applying the latest Adobe Acrobat Reader DC update and consider implementing application whitelisting or sandboxing for PDF processing to reduce the attack surface. Users are advised to enable automatic updates and avoid opening PDFs from untrusted sources until the patch is applied.