CVE-2021-28550
Adobe Acrobat and Reader Use-After-Free Vulnerability
Confirmed exploited in the wild. Added 2021-11-03.
Federal remediation due 2021-11-17.
Required action: Apply updates per vendor instructions.
Summary
Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS 3.1 breakdown
| Metric | Value |
| --- | --- |
| Base score | 8.8 (HIGH) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
References
- https://helpx.adobe.com/security/products/acrobat/apsb21-29.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-28550
Data: NIST NVD + CISA KEV. NVD last modified 2025-10-23. Always verify against the vendor advisory before acting.