CVE-2019-7069

HIGH

Adobe Acrobat and Reader <2019.010.20069 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-7069. PoCs published by CaelumIsMe.

AI-analyzed exploit summary This is a Python 3 exploit for CVE-2019-7609, targeting Kibana versions < 6.6.1. It leverages prototype pollution in the Timelion visualizer to achieve remote code execution, including reverse shell functionality.

Description

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .

Exploits (1)

nomisec WORKING POC
by CaelumIsMe · poc
https://github.com/CaelumIsMe/CVE-2019-7069-POC

This is a Python 3 exploit for CVE-2019-7609, targeting Kibana versions < 6.6.1. It leverages prototype pollution in the Timelion visualizer to achieve remote code execution, including reverse shell functionality.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Kibana < 6.6.1
No auth needed
Prerequisites: Network access to vulnerable Kibana instance · Python 3.x with requests and packaging libraries
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://helpx.adobe.com/security/products/acrobat/apsb19-07.html

Scores

CVSS v3 8.8
EPSS 0.0451
EPSS Percentile 90.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-843
Status published
Products (4)
adobe/acrobat_dc 15.006.30060 - 15.006.30475
adobe/acrobat_dc 15.008.20082 - 19.010.20091
adobe/acrobat_reader_dc 15.006.30060 - 15.006.30475
adobe/acrobat_reader_dc 15.008.20082 - 19.010.20091
Published May 24, 2019
Tracked Since Feb 18, 2026