CVE-2023-26369
HIGH KEVAcrobat Reader <23.003.20284, <20.005.30516, <20.005.30514 - RCE
Title source: llmExploitation Summary
CVE-2023-26369 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added September 14, 2023.
Description
Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and earlier) and 20.005.30514 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-26369
Vendor Advisory vendor-advisory
https://helpx.adobe.com/security/products/acrobat/apsb23-34.html
Scores
CVSS v3
7.8
EPSS
0.0081
EPSS Percentile
74.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2023-09-14
VulnCheck KEV
2023-09-12
InTheWild.io
2023-09-12
ENISA EUVD
EUVD-2023-30189
CWE
CWE-787
Status
published
Products (4)
adobe/acrobat
20.001.3005 - 20.005.30524
adobe/acrobat_dc
15.007.20033 - 23.006.20320
adobe/acrobat_reader
20.001.3005 - 20.005.30524
adobe/acrobat_reader_dc
15.007.20033 - 23.006.20320
Published
Sep 13, 2023
KEV Added
Sep 14, 2023
Tracked Since
Feb 18, 2026