Vulnerability intelligence
CVE-2020-9715
Adobe Acrobat Use-After-Free Vulnerability
Adobe Acrobat
Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVSS Score
7.8
High
EPSS — Exploit Probability
79%
Riskier than 99% of all CVEs
Exploitation
Confirmed in the wild
Used in ransomware campaigns
Remediation
Patch available
Federal deadline 2026-04-27
CISA required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Deadline for federal agencies: 2026-04-27.
6 articles across 5 outlets · first covered Apr 13, 2026 · latest Apr 14, 2026
Coverage timeline
-
Adobe Patches 55 Vulnerabilities Across 11 Productswww.securityweek.com · Apr 14, 2026
-
Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilitieswww.securityweek.com · Apr 14, 2026
-
CISA Adds Critical Adobe, Microsoft, Fortinet Flaws to KEV Catalogsecurityaffairs.com · Apr 14, 2026
-
CISA adds six KEV flaws amid active Fortinet exploitsthehackernews.com · Apr 14, 2026
-
CISA Flags Adobe Acrobat CVE-2020-9715 Flaw, Urges Patchwww.cisa.gov · Apr 13, 2026
-
CISA Adds Adobe Acrobat CVE‑2020‑9715 to KEV, Urges Patchcisa.gov · Apr 13, 2026