CVE-2023-26396: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability, identified as CVE-2023-26396. The vulnerability was discovered and reported by Tsunekoh Nakagawa, with the official disclosure occurring on April 12, 2023. This security issue affects both Windows and macOS versions of Adobe Acrobat and Reader (Adobe Advisory).

The vulnerability is classified as a Creation of Temporary File in Directory with Insecure Permissions (CWE-379) issue. It has received a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability requires local access and user interaction, specifically requiring a victim to open a malicious file (NVD).

Successful exploitation of this vulnerability could result in privilege escalation in the context of the current user. The high CVSS score indicates potential severe impacts on confidentiality, integrity, and availability of the affected system (Rapid7).

Adobe has released security updates to address this vulnerability. Users should update their Adobe Acrobat and Reader installations to versions newer than 23.001.20093 for continuous versions and 20.005.30441 for classic versions (Adobe Advisory).