⚠ Actively exploited
Added to CISA KEV on 2026-04-13. Federal agencies required to patch by 2026-04-27. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2020-9715
Severity
7.8 HIGH
EPSS
50.4%
top 2.15%
CISA KEV
KEV
Added 2026-04-13
Due 2026-04-27
Exploit
No known exploits
Affected products
Timeline
Published: Aug 19
KEV added: Apr 13
KEV due: Apr 27
Description
Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9
Affected Packages (3 packages)
CVEListV5: adobe/adobe_acrobat_and_reader, 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier versions