Description
Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Improper Certificate Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to spoof the identity of a signer. Exploitation of this issue requires user interaction.
References (1)
Core References
Various Sources vendor-advisory
https://helpx.adobe.com/security/products/acrobat/apsb26-26.html
Scores
CVSS v3: 5.5
EPSS: 0.0010
EPSS Percentile: 1.3%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-295
Status: published
Products (3)
adobe/acrobat: 24.001.20604 - 24.001.30356
adobe/acrobat_dc: < 25.001.21288
adobe/acrobat_reader_dc: < 25.001.21288
Published: Mar 10, 2026
Tracked Since: Mar 11, 2026