ACCORDING to CISA, the Known Exploited Vulnerabilities Catalog lists CVE-2020-9715 as an Adobe Acrobat Use-After-Free vulnerability that allows code execution. The entry for Adobe | Acrobat notes a related CWE of 416 and states that it is Unknown whether it has been used in ransomware campaigns.
Date Added is 13 April 2026, with a Due Date of 27 April 2026, and the action advised is to apply mitigations per vendor instructions, follow applicable guidance for cloud services, or discontinue use of the product if mitigations are unavailable. The KEV entry also provides links to Adobe’s security notes and the NVD page for CVE-2020-9715. This demonstrates CISA’s ongoing tracking of vulnerabilities exploited in the wild and the emphasis on prompt remediation where mitigations exist.