Vulnerability-Lookup

CVE-2026-27221 (GCVE-0-2026-27221)

Vulnerability from cvelistv5 – Published: 2026-03-10 21:41 – Updated: 2026-03-11 13:08

Title

Acrobat Reader | Improper Certificate Validation (CWE-295)

Summary

Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Improper Certificate Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to spoof the identity of a signer. Exploitation of this issue requires user interaction.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE

CWE-295 - Improper Certificate Validation (CWE-295)

Assigner

adobe

References

URL

Tags

https://helpx.adobe.com/security/products/acrobat…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Acrobat Reader	Affected: 0 , ≤ 25.001.21265 (semver)

Date Public ?

2026-03-10 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-27221",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-11T03:57:08.259918Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-11T13:08:15.923Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Acrobat Reader",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "25.001.21265",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-03-10T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Improper Certificate Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to spoof the identity of a signer. Exploitation of this issue requires user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 5.5,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 5.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "Improper Certificate Validation (CWE-295)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-10T21:41:36.952Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/acrobat/apsb26-26.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Acrobat Reader | Improper Certificate Validation (CWE-295)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2026-27221",
    "datePublished": "2026-03-10T21:41:36.952Z",
    "dateReserved": "2026-02-18T22:02:41.380Z",
    "dateUpdated": "2026-03-11T13:08:15.923Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-27221\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2026-03-10T22:16:18.090\",\"lastModified\":\"2026-03-11T18:15:14.850\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Improper Certificate Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to spoof the identity of a signer. Exploitation of this issue requires user interaction.\"},{\"lang\":\"es\",\"value\":\"Las versiones de Acrobat Reader 24.001.30307, 24.001.30308, 25.001.21265 y anteriores est\u00e1n afectadas por una vulnerabilidad de Validaci\u00f3n de Certificado Inapropiada que podr\u00eda resultar en una omisi\u00f3n de caracter\u00edstica de seguridad. Un atacante podr\u00eda aprovechar esta vulnerabilidad para suplantar la identidad de un firmante. La explotaci\u00f3n de este problema requiere interacci\u00f3n del usuario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@adobe.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@adobe.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*\",\"versionEndExcluding\":\"25.001.21288\",\"matchCriteriaId\":\"02783E59-AA2E-4AC3-9675-6487AE0C9068\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*\",\"versionEndExcluding\":\"25.001.21288\",\"matchCriteriaId\":\"70AABB39-8370-495D-AC09-2F30A1AB83AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*\",\"versionStartIncluding\":\"24.001.20604\",\"versionEndExcluding\":\"24.001.30356\",\"matchCriteriaId\":\"9F95602E-25EA-45D7-9A60-DC7A01CD6AFE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://helpx.adobe.com/security/products/acrobat/apsb26-26.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Acrobat Reader | Improper Certificate Validation (CWE-295)\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\", \"modifiedScope\": \"UNCHANGED\", \"temporalScore\": 5.5, \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"remediationLevel\": \"NOT_DEFINED\", \"reportConfidence\": \"NOT_DEFINED\", \"temporalSeverity\": \"MEDIUM\", \"availabilityImpact\": \"NONE\", \"environmentalScore\": 5.5, \"privilegesRequired\": \"NONE\", \"exploitCodeMaturity\": \"NOT_DEFINED\", \"integrityRequirement\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"LOCAL\", \"confidentialityImpact\": \"NONE\", \"environmentalSeverity\": \"MEDIUM\", \"availabilityRequirement\": \"NOT_DEFINED\", \"modifiedIntegrityImpact\": \"HIGH\", \"modifiedUserInteraction\": \"REQUIRED\", \"modifiedAttackComplexity\": \"LOW\", \"confidentialityRequirement\": \"NOT_DEFINED\", \"modifiedAvailabilityImpact\": \"NONE\", \"modifiedPrivilegesRequired\": \"NONE\", \"modifiedConfidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Adobe\", \"product\": \"Acrobat Reader\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"25.001.21265\"}], \"defaultStatus\": \"affected\"}], \"datePublic\": \"2026-03-10T17:00:00.000Z\", \"references\": [{\"url\": \"https://helpx.adobe.com/security/products/acrobat/apsb26-26.html\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Improper Certificate Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to spoof the identity of a signer. Exploitation of this issue requires user interaction.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-295\", \"description\": \"Improper Certificate Validation (CWE-295)\"}]}], \"providerMetadata\": {\"orgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"shortName\": \"adobe\", \"dateUpdated\": \"2026-03-10T21:41:36.952Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-27221\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-11T03:57:08.259918Z\"}}}], \"providerMetadata\": {\"shortName\": \"CISA-ADP\", \"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"dateUpdated\": \"2026-03-11T13:02:03.066Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-27221\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-10T21:41:36.952Z\", \"dateReserved\": \"2026-02-18T22:02:41.380Z\", \"assignerOrgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"datePublished\": \"2026-03-10T21:41:36.952Z\", \"assignerShortName\": \"adobe\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2026-AVI-0264

Vulnerability from certfr_avis - Published: 2026-03-11 - Updated: 2026-03-11

De multiples vulnérabilités ont été découvertes dans les produits Adobe. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Adobe	Acrobat	Acrobat 2024 versions antérieures à 24.001.30356 pour Windows et macOS
Adobe	Commerce	Commerce versions 2.4.8 antérieures à 4.2.8-p4
Adobe	Commerce	Commerce versions 2.4.6 antérieures à 4.2.6-p14
Adobe	Commerce	Commerce versions 2.4.9 antérieures à 4.2.9-beta1
Adobe	Commerce	Commerce versions 2.4.7 antérieures à 4.2.7-p9
Adobe	Commerce	Commerce versions 2.4.4 antérieures à 4.2.4-p17
Adobe	Magento	Magento Open Source versions 2.4.6 antérieures à 2.4.6-p14
Adobe	Magento	Magento Open Source versions 2.4.7 antérieures à 2.4.7-p9
Adobe	Magento	Magento Open Source versions 2.4.5 antérieures à 2.4.5-p16
Adobe	Commerce	Commerce B2B versions 1.5.3 antérieures à 1.5.3-beta1
Adobe	Commerce	Commerce B2B versions 1.3.5 antérieures à 1.3.5-p14
Adobe	Acrobat Reader	Acrobat Reader DC versions antérieures à 25.001.21288 pour Windows et macOS
Adobe	Magento	Magento Open Source versions 2.4.9 antérieures à 2.4.9-beta1
Adobe	Commerce	Commerce B2B versions 1.5.2 antérieures à 1.5.2-p4
Adobe	Commerce	Commerce B2B versions 1.3.3 antérieures à 1.3.3-p17
Adobe	Acrobat	Acrobat DC versions antérieures à 25.001.21288 pour Windows et macOS
Adobe	Commerce	Commerce versions 2.4.5 antérieures à 4.2.5-p16
Adobe	Magento	Magento Open Source versions 2.4.8 antérieures à 2.4.8-p4
Adobe	Commerce	Commerce B2B versions 1.4.2 antérieures à 1.4.2-p9
Adobe	Commerce	Commerce B2B versions 1.3.4 antérieures à 1.3.4-p16

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB26-05	2026-03-10	vendor-advisory
Bulletin de sécurité Adobe APSB26-26	2026-03-10	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Acrobat 2024 versions ant\u00e9rieures \u00e0 24.001.30356 pour Windows et macOS",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": " Commerce versions 2.4.8 ant\u00e9rieures \u00e0 4.2.8-p4",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": " Commerce versions 2.4.6 ant\u00e9rieures \u00e0 4.2.6-p14",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": " Commerce versions 2.4.9 ant\u00e9rieures \u00e0 4.2.9-beta1",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": " Commerce versions 2.4.7 ant\u00e9rieures \u00e0 4.2.7-p9",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": " Commerce versions 2.4.4 ant\u00e9rieures \u00e0 4.2.4-p17",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Magento Open Source versions 2.4.6 ant\u00e9rieures \u00e0 2.4.6-p14",
      "product": {
        "name": "Magento",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Magento Open Source versions 2.4.7 ant\u00e9rieures \u00e0 2.4.7-p9",
      "product": {
        "name": "Magento",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Magento Open Source versions 2.4.5 ant\u00e9rieures \u00e0 2.4.5-p16",
      "product": {
        "name": "Magento",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Commerce B2B versions 1.5.3 ant\u00e9rieures \u00e0 1.5.3-beta1",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Commerce B2B versions 1.3.5 ant\u00e9rieures \u00e0 1.3.5-p14",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Acrobat Reader DC versions ant\u00e9rieures \u00e0 25.001.21288 pour Windows et macOS",
      "product": {
        "name": "Acrobat Reader",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Magento Open Source versions 2.4.9 ant\u00e9rieures \u00e0 2.4.9-beta1",
      "product": {
        "name": "Magento",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Commerce B2B versions 1.5.2 ant\u00e9rieures \u00e0 1.5.2-p4",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Commerce B2B versions 1.3.3 ant\u00e9rieures \u00e0 1.3.3-p17",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Acrobat DC versions ant\u00e9rieures \u00e0 25.001.21288 pour Windows et macOS",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": " Commerce versions 2.4.5 ant\u00e9rieures \u00e0 4.2.5-p16",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Magento Open Source versions 2.4.8 ant\u00e9rieures \u00e0 2.4.8-p4",
      "product": {
        "name": "Magento",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Commerce B2B versions 1.4.2 ant\u00e9rieures \u00e0 1.4.2-p9",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Commerce B2B versions 1.3.4 ant\u00e9rieures \u00e0 1.3.4-p16",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-27220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27220"
    },
    {
      "name": "CVE-2026-27221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27221"
    },
    {
      "name": "CVE-2026-21295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21295"
    },
    {
      "name": "CVE-2026-21360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21360"
    },
    {
      "name": "CVE-2026-27278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27278"
    },
    {
      "name": "CVE-2026-21291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21291"
    },
    {
      "name": "CVE-2026-21311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21311"
    },
    {
      "name": "CVE-2026-21293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21293"
    },
    {
      "name": "CVE-2026-21292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21292"
    },
    {
      "name": "CVE-2026-21359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21359"
    },
    {
      "name": "CVE-2026-21361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21361"
    },
    {
      "name": "CVE-2026-21285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21285"
    },
    {
      "name": "CVE-2026-21310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21310"
    },
    {
      "name": "CVE-2026-21294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21294"
    },
    {
      "name": "CVE-2026-21286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21286"
    },
    {
      "name": "CVE-2026-21284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21284"
    },
    {
      "name": "CVE-2026-21289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21289"
    },
    {
      "name": "CVE-2026-21282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21282"
    },
    {
      "name": "CVE-2026-21297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21297"
    },
    {
      "name": "CVE-2026-21296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21296"
    },
    {
      "name": "CVE-2026-21309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21309"
    },
    {
      "name": "CVE-2026-21290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21290"
    }
  ],
  "initial_release_date": "2026-03-11T00:00:00",
  "last_revision_date": "2026-03-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0264",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-03-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Adobe. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
  "vendor_advisories": [
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB26-05",
      "url": "https://helpx.adobe.com/security/products/magento/apsb26-05.html"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB26-26",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb26-26.html"
    }
  ]
}

GHSA-99CF-X4R7-CFG6

Vulnerability from github – Published: 2026-03-11 00:31 – Updated: 2026-03-11 00:31

Details

Severity ?

5.5 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-27221"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-10T22:16:18Z",
    "severity": "MODERATE"
  },
  "details": "Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Improper Certificate Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to spoof the identity of a signer. Exploitation of this issue requires user interaction.",
  "id": "GHSA-99cf-x4r7-cfg6",
  "modified": "2026-03-11T00:31:32Z",
  "published": "2026-03-11T00:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27221"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb26-26.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

NCSC-2026-0089

Vulnerability from csaf_ncscnl - Published: 2026-03-12 07:03 - Updated: 2026-03-12 07:03

Summary

Kwetsbaarheden verholpen in Adobe Acrobat Reader

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

Adobe heeft kwetsbaarheden verholpen in Adobe Acrobat Reader (versies tot 25.001.21265).

Interpretaties

De kwetsbaarheden omvatten een Use After Free-kwetsbaarheid die kan worden misbruikt om willekeurige code-executie te bereiken. Deze kwetsbaarheid wordt geactiveerd wanneer een gebruiker een kwaadwillig vervaardigd bestand opent. Daarnaast is er een kwetsbaarheid in de certificaatvalidatie, die een aanvaller in staat stelt om ingebouwde beveiligingsfuncties te omzeilen die zijn ontworpen om digitale handtekeningen te verifiëren. Dit kan leiden tot misleiding van gebruikers over de authenticiteit van documenten. De aanval vereist interactie van de gebruiker om succesvol te zijn.

Oplossingen

Adobe heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans

medium

Schade

high

CWE-295

Improper Certificate Validation

CWE-347

Improper Verification of Cryptographic Signature

CWE-416

Use After Free

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Adobe heeft kwetsbaarheden verholpen in Adobe Acrobat Reader (versies tot 25.001.21265).",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden omvatten een Use After Free-kwetsbaarheid die kan worden misbruikt om willekeurige code-executie te bereiken. Deze kwetsbaarheid wordt geactiveerd wanneer een gebruiker een kwaadwillig vervaardigd bestand opent. Daarnaast is er een kwetsbaarheid in de certificaatvalidatie, die een aanvaller in staat stelt om ingebouwde beveiligingsfuncties te omzeilen die zijn ontworpen om digitale handtekeningen te verifi\u00ebren. Dit kan leiden tot misleiding van gebruikers over de authenticiteit van documenten. De aanval vereist interactie van de gebruiker om succesvol te zijn.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Adobe heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Certificate Validation",
        "title": "CWE-295"
      },
      {
        "category": "general",
        "text": "Improper Verification of Cryptographic Signature",
        "title": "CWE-347"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://helpx.adobe.com/security/products/acrobat/apsb26-26.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Adobe Acrobat Reader",
    "tracking": {
      "current_release_date": "2026-03-12T07:03:24.148324Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0089",
      "initial_release_date": "2026-03-12T07:03:24.148324Z",
      "revision_history": [
        {
          "date": "2026-03-12T07:03:24.148324Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Acrobat 2024"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "Acrobat DC"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "Acrobat Reader DC"
          }
        ],
        "category": "vendor",
        "name": "Adobe"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-27220",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "Acrobat Reader versions up to 25.001.21265 contain a Use After Free vulnerability that enables arbitrary code execution when a user opens a specially crafted malicious file.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-27220 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27220.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-27220"
    },
    {
      "cve": "CVE-2026-27221",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Verification of Cryptographic Signature",
          "title": "CWE-347"
        },
        {
          "category": "other",
          "text": "Improper Certificate Validation",
          "title": "CWE-295"
        },
        {
          "category": "description",
          "text": "Certain versions of Acrobat Reader contain an Improper Certificate Validation vulnerability that allows attackers to bypass security features and spoof a signer\u0027s identity, requiring user interaction to exploit.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-27221 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27221.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-27221"
    },
    {
      "cve": "CVE-2026-27278",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "Acrobat Reader versions up to 25.001.21265 contain a Use After Free vulnerability that enables arbitrary code execution when a user opens a specially crafted malicious file.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-27278 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27278.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-27278"
    }
  ]
}

FKIE_CVE-2026-27221

Vulnerability from fkie_nvd - Published: 2026-03-10 22:16 - Updated: 2026-03-11 18:15

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Summary

References

	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/acrobat/apsb26-26.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	acrobat_dc	*
apple	macos	-
microsoft	windows	-
adobe	acrobat_reader_dc	*
apple	macos	-
microsoft	windows	-
adobe	acrobat	*
apple	macos	-
microsoft	windows	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
              "matchCriteriaId": "02783E59-AA2E-4AC3-9675-6487AE0C9068",
              "versionEndExcluding": "25.001.21288",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
              "matchCriteriaId": "70AABB39-8370-495D-AC09-2F30A1AB83AF",
              "versionEndExcluding": "25.001.21288",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
              "matchCriteriaId": "9F95602E-25EA-45D7-9A60-DC7A01CD6AFE",
              "versionEndExcluding": "24.001.30356",
              "versionStartIncluding": "24.001.20604",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Improper Certificate Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to spoof the identity of a signer. Exploitation of this issue requires user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones de Acrobat Reader 24.001.30307, 24.001.30308, 25.001.21265 y anteriores est\u00e1n afectadas por una vulnerabilidad de Validaci\u00f3n de Certificado Inapropiada que podr\u00eda resultar en una omisi\u00f3n de caracter\u00edstica de seguridad. Un atacante podr\u00eda aprovechar esta vulnerabilidad para suplantar la identidad de un firmante. La explotaci\u00f3n de este problema requiere interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2026-27221",
  "lastModified": "2026-03-11T18:15:14.850",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "psirt@adobe.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-03-10T22:16:18.090",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb26-26.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-295"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-27221 (GCVE-0-2026-27221)

CERTFR-2026-AVI-0264

Solutions

GHSA-99CF-X4R7-CFG6

NCSC-2026-0089

FKIE_CVE-2026-27221

Tags

Sightings

Nomenclature