CVE-2026-27220
Published: 10 March 2026
Summary
CVE-2026-27220 is a high-severity Use After Free (CWE-416) vulnerability in Apple Macos. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 14.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-27220 is a Use After Free vulnerability (CWE-416) affecting Adobe Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265, and earlier. The flaw occurs in the software's processing of PDF files and can lead to arbitrary code execution in the context of the current user. It has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high impact potential with low complexity but requiring local access and user interaction.
Exploitation requires an attacker to deliver a specially crafted malicious PDF file to a target system, tricking the victim into opening it with a vulnerable version of Acrobat Reader. No special privileges are needed (PR:N), and the attack complexity is low (AC:L), making it feasible for attackers with local access to the victim's machine. Successful exploitation allows arbitrary code execution with the privileges of the current user, potentially enabling full system compromise, data theft, or persistence if the user has elevated rights.
Adobe has published Security Bulletin APSB26-26 at https://helpx.adobe.com/security/products/acrobat/apsb26-26.html, which provides details on affected versions and recommends applying the latest security updates to mitigate the vulnerability. Practitioners should prioritize patching Acrobat Reader installations and advise users against opening untrusted PDF files.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-10898
Vulnerability details
Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a…
more
victim must open a malicious file.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Use-after-free in Acrobat Reader PDF processing enables client-side RCE (T1203) when a user opens a malicious PDF (T1204.002).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mandates identification, reporting, and correction of software flaws like this Use After Free vulnerability through timely patching of affected Acrobat Reader versions.
Implements memory protection safeguards such as DEP and ASLR that prevent unauthorized code execution from Use After Free exploits in PDF processing.
Deploys malicious code protection mechanisms at system entry points to scan and block specially crafted malicious PDF files targeting the vulnerability.