Adobe Acrobat Reader DC Vulnerability Allows Remote Code Execution
Zero Day Initiative has disclosed CVE-2026-27220, a use-after-free vulnerability in Adobe Acrobat Reader DC's annotation handling that permits remote code execution.
The Zero Day Initiative (ZDI) has publicly disclosed a critical remote code execution vulnerability affecting Adobe Acrobat Reader DC. Identified as ZDI-26-355 and tracked under CVE-2026-27220, the flaw resides within the software's handling of annotation objects.
The vulnerability stems from an issue where the application fails to properly validate the existence of an object before performing operations on it. This use-after-free condition can be triggered by attackers to execute arbitrary code within the context of the current process. Successful exploitation requires user interaction, meaning a victim must open a specially crafted malicious file or visit a compromised webpage that embeds such a file.
The CVSS score for this vulnerability is rated at 7.8, classifying it as High severity. The score breakdown (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates it is locally exploitable (though the context is remote code execution, implying the initial access vector is often remote), requires low attack complexity, no privileges, user interaction, affects the system scope, and has high impact on confidentiality, integrity, and availability.
Adobe has acknowledged the vulnerability and has released security updates to address it. Users of Adobe Acrobat Reader DC are strongly advised to apply the available patches promptly to mitigate the risk of exploitation. The advisory from Adobe, APSB26-26, provides further details on the affected versions and the specific fixes implemented.
The vulnerability was initially reported to Adobe on February 3rd, 2026, and the coordinated public release of the advisory occurred on June 10th, 2026, following standard disclosure timelines. The research leading to the discovery of this flaw is credited to Mark Vincent Yason.
This disclosure highlights the ongoing security challenges associated with widely used PDF readers, which often serve as a primary vector for malware delivery. Attackers frequently target these applications due to their large user base and the complex nature of document parsing, which can hide subtle memory corruption vulnerabilities.
While user interaction is required, the prevalence of Adobe Acrobat Reader DC makes this a significant target. Organizations should ensure their endpoint security solutions are updated and that users are educated about the risks of opening untrusted files or visiting suspicious websites. Prompt patching remains the most effective defense against such threats.
The vulnerability's nature, a use-after-free flaw in object handling, is a common pattern in software vulnerabilities that can lead to memory corruption and subsequent code execution. Security researchers continue to find and report such issues, emphasizing the need for robust memory safety practices in software development.