Skip to content
Auto-CTI
Back to today
NEW HIGH A2

CVE-2026-47965

A NVD · · CVE-2026-47965

Admiralty grading (A–F · 1–6)

Source reliability

  • A Completely reliable
  • B Usually reliable
  • C Fairly reliable
  • D Not usually reliable
  • E Unreliable
  • F Cannot be judged

Information credibility

  • 1 Confirmed
  • 2 Probably true
  • 3 Possibly true
  • 4 Doubtful
  • 5 Improbable
  • 6 Cannot be judged

NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.

Key metrics

CVSS
7.8
EPSS
0%

Key insight

The vulnerability enables remote code execution with user interaction and affects Acrobat Reader versions deployed across many production environments.

Description

CVE-2026-47965 is an out-of-bounds write vulnerability in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction , a victim must open a malicious file. The vulnerability is not documented as actively exploited but requires timely patching to affected versions.

Risk score

71
cvss base
78.00
kev bonus
0.00
epss bonus
0.00
poc bonus
0.00
raw before weight
78.00
industry weight
1.21
freshness factor
1.00
exploitability factor
0.75
days old
0.00
vendor mismatch penalty
0.00

Path: operational

MITRE ATT&CK mapping

2 TTPs
Recon
Resource Dev
Initial Access
T1566.001 Spearphishing Attachment
Execution
T1203 Exploitation for Client Execution
Persistence
Priv. Escal.
Def. Evasion
Cred. Access
Discovery
Lateral Mov.
Collection
C2
Exfiltration
Impact
Conf.: high medium low

Procedure details

Technique Tactic Procedure Conf. Source
T1203
Exploitation for Client Execution
 Execution CVE-2026-47965 is an out-of-bounds write vulnerability in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) that allows arbitrary code execution in the context of the current user when a victim opens a malicious file. high llm
T1566.001
Spearphishing Attachment
 Initial Access Exploitation of CVE-2026-47965 requires user interaction where a victim must open a malicious file, consistent with delivering a weaponized PDF as a phishing attachment to trigger the Acrobat Reader vulnerability. medium llm
ESC