Acrobat and Reader vulnerabilities: known CVEs & security history
Adobe · Actively exploited · 1087 tracked CVEs · 21 actively exploited · updated June 2026 · what is a CVE? →
This is the full list of known vulnerabilities (CVEs) across all Acrobat and Reader release lines — 1087 in total, with 21 actively exploited in the wild. A CVE here doesn't mean your version is affected — check Acrobat and Reader's current status and the safe version to run.
Known Acrobat and Reader CVEs
Actively-exploited and most-severe first. Showing the top 80 of 1087. Open any CVE for full details.
| CVE | Severity | CVSS | EPSS | Year |
|---|---|---|---|---|
| CVE-2014-0546⚡ exploited | critical | 9.8 | 22% | 2014 |
| CVE-2013-3346⚡ exploited | critical | 9.8 | 79% | 2013 |
| CVE-2013-2729⚡ exploited | critical | 9.8 | 67% | 2013 |
| CVE-2011-2462⚡ exploited | critical | 9.8 | 86% | 2011 |
| CVE-2021-28550⚡ exploited | high | 8.8 | 52% | 2021 |
| CVE-2021-21017⚡ exploited | high | 8.8 | 86% | 2021 |
| CVE-2011-0611⚡ exploited | high | 8.8 | 99% | 2011 |
| CVE-2009-3459⚡ exploited | high | 8.8 | 86% | 2009 |
| CVE-2009-0927⚡ exploited | high | 8.8 | 97% | 2009 |
| CVE-2008-0655⚡ exploited | high | 8.8 | 37% | 2008 |
| CVE-2023-26369⚡ exploited | high | 7.8 | 7% | 2023 |
| CVE-2023-21608⚡ exploited | high | 7.8 | 61% | 2023 |
| CVE-2013-0641⚡ exploited | high | 7.8 | 32% | 2013 |
| CVE-2013-0640⚡ exploited | high | 7.8 | 87% | 2013 |
| CVE-2011-0609⚡ exploited | high | 7.8 | 67% | 2011 |
| CVE-2010-0188⚡ exploited | high | 7.8 | 88% | 2010 |
| CVE-2009-4324⚡ exploited | high | 7.8 | 82% | 2009 |
| CVE-2009-1862⚡ exploited | high | 7.8 | 25% | 2009 |
| CVE-2008-2992⚡ exploited | high | 7.8 | 98% | 2008 |
| CVE-2007-5659⚡ exploited | high | 7.8 | 94% | 2008 |
| CVE-2010-2883⚡ exploited | high | 7.3 | 82% | 2010 |
| CVE-2018-4872 | critical | 10 | 14% | 2018 |
| CVE-2018-4918 | critical | 9.8 | 12% | 2018 |
| CVE-2017-11308 | critical | 9.8 | 8% | 2018 |
| CVE-2017-11307 | critical | 9.8 | 6% | 2018 |
| CVE-2017-11306 | critical | 9.8 | 6% | 2018 |
| CVE-2017-11253 | critical | 9.8 | 6% | 2018 |
| CVE-2017-11250 | critical | 9.8 | 6% | 2018 |
| CVE-2017-11240 | critical | 9.8 | 6% | 2018 |
| CVE-2018-4895 | critical | 9.8 | 14% | 2018 |
| CVE-2018-4879 | critical | 9.8 | 30% | 2018 |
| CVE-2017-16398 | critical | 9.8 | 9% | 2017 |
| CVE-2017-11293 | critical | 9.8 | 9% | 2017 |
| CVE-2016-1009 | critical | 9.8 | 6% | 2016 |
| CVE-2016-1007 | critical | 9.8 | 6% | 2016 |
| CVE-2016-0946 | critical | 9.8 | 4% | 2016 |
| CVE-2016-0945 | critical | 9.8 | 4% | 2016 |
| CVE-2016-0944 | critical | 9.8 | 4% | 2016 |
| CVE-2016-0942 | critical | 9.8 | 4% | 2016 |
| CVE-2016-0940 | critical | 9.8 | 5% | 2016 |
| CVE-2016-0933 | critical | 9.8 | 6% | 2016 |
| CVE-2015-7622 | high | 10 | 23% | 2015 |
| CVE-2015-6691 | high | 10 | 5% | 2015 |
| CVE-2015-6687 | high | 10 | 5% | 2015 |
| CVE-2015-6684 | high | 10 | 7% | 2015 |
| CVE-2015-6683 | high | 10 | 7% | 2015 |
| CVE-2015-5586 | high | 10 | 5% | 2015 |
| CVE-2015-5115 | high | 10 | 6% | 2015 |
| CVE-2015-5114 | high | 10 | 7% | 2015 |
| CVE-2015-5108 | high | 10 | 7% | 2015 |
| CVE-2015-5105 | high | 10 | 6% | 2015 |
| CVE-2015-5104 | high | 10 | 6% | 2015 |
| CVE-2015-5103 | high | 10 | 6% | 2015 |
| CVE-2015-5102 | high | 10 | 6% | 2015 |
| CVE-2015-5101 | high | 10 | 7% | 2015 |
| CVE-2015-5100 | high | 10 | 6% | 2015 |
| CVE-2015-5099 | high | 10 | 7% | 2015 |
| CVE-2015-5098 | high | 10 | 6% | 2015 |
| CVE-2015-5097 | high | 10 | 19% | 2015 |
| CVE-2015-5096 | high | 10 | 6% | 2015 |
| CVE-2015-5095 | high | 10 | 7% | 2015 |
| CVE-2015-5094 | high | 10 | 6% | 2015 |
| CVE-2015-5093 | high | 10 | 9% | 2015 |
| CVE-2015-5087 | high | 10 | 6% | 2015 |
| CVE-2015-4448 | high | 10 | 7% | 2015 |
| CVE-2015-4447 | high | 10 | 8% | 2015 |
| CVE-2015-4445 | high | 10 | 7% | 2015 |
| CVE-2015-4438 | high | 10 | 7% | 2015 |
| CVE-2015-4435 | high | 10 | 7% | 2015 |
| CVE-2015-3095 | high | 10 | 6% | 2015 |
| CVE-2015-3076 | high | 10 | 12% | 2015 |
| CVE-2015-3075 | high | 10 | 9% | 2015 |
| CVE-2015-3074 | high | 10 | 10% | 2015 |
| CVE-2015-3073 | high | 10 | 25% | 2015 |
| CVE-2015-3072 | high | 10 | 10% | 2015 |
| CVE-2015-3071 | high | 10 | 10% | 2015 |
| CVE-2015-3070 | high | 10 | 12% | 2015 |
| CVE-2015-3069 | high | 10 | 10% | 2015 |
| CVE-2015-3068 | high | 10 | 10% | 2015 |
| CVE-2015-3067 | high | 10 | 10% | 2015 |
1007 older / lower-severity CVEs not shown — see Acrobat and Reader's full record.
Is my Acrobat and Reader version affected?
The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.
Check your Acrobat and Reader version → · Monitor Acrobat and Reader for new CVEs →
Acrobat and Reader vulnerabilities — frequently asked
How many known vulnerabilities does Acrobat and Reader have?
IsItPatched tracks 1087 CVEs for Acrobat and Reader, 21 of which are actively exploited (CISA KEV). 24 are critical-severity and 727 high-severity. These span every release line — what matters is whether the version you run is affected.
Does Acrobat and Reader have any actively-exploited vulnerabilities?
Yes — 21 Acrobat and Reader CVEs are in CISA's Known Exploited Vulnerabilities catalog, meaning they are confirmed exploited in the wild (2 linked to ransomware). Patch these as a priority.
What is the most severe Acrobat and Reader vulnerability?
Among tracked issues, CVE-2014-0546 (CRITICAL, CVSS 9.8), which is actively exploited, ranks highest.
Is Acrobat and Reader safe to use?
It depends on the version. The latest supported Acrobat and Reader release clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.
CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: Acrobat and Reader security status · Acrobat and Reader end-of-life · actively-exploited CVEs. Always verify against Adobe's advisories — see our disclaimer.