Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.5
Adobe Acrobat Reader: Spoofing Signer Identity
CVE-2026-27221
Summary
Adobe Acrobat Reader versions 24 and 25 are vulnerable to a security weakness that could allow an attacker to fake a digital signature. This requires the attacker to trick the user into taking a certain action. To stay safe, update to the latest version of Adobe Acrobat Reader.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| adobe | acrobat_dc | <= 25.001.21288 | – |
| adobe | acrobat_reader_dc | <= 25.001.21288 | – |
| adobe | acrobat | > 24.001.20604 , <= 24.001.30356 | – |
Original title
Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Improper Certificate Validation vulnerability that could result in a Security feature bypass. An atta...
Original description
Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Improper Certificate Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to spoof the identity of a signer. Exploitation of this issue requires user interaction.
nvd CVSS3.1
5.5
Vulnerability type
CWE-295
Improper Certificate Validation
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026