Cyber Resilience

CVE-2026-47937

High · Updated

Published: 09 June 2026
Modified: 23 June 2026
KEV Added
Patch
CVSS Score v3.1: 7.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0015 (4.3th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-47937 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Apple macOS. Its CVSS base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Path Interception by Search Order Hijacking (T1574.008). The CVE ranks at the 4.3th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. An attacker with high privileges could exploit this vulnerability to execute arbitrary code. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1574.008 Path Interception by Search Order Hijacking · Stealth
Adversaries may execute their own malicious payloads by hijacking the search order used to load other programs.
Why these techniques?

CWE-427 uncontrolled search path directly enables T1574.008 Path Interception by Search Order Hijacking for arbitrary code execution via malicious DLLs.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

Affected Assets

adobe · acrobat dc · 15.008.20082 to 26.001.21662
adobe · acrobat reader dc · 15.008.20082 to 26.001.21662
adobe · acrobat · 24.0.0 to 24.001.30383

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
