Bright Nexus

Published on April 12, 2026

Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621

Severity

High

Detail

Cybersecurity researchers have identified a critical vulnerability affecting Adobe Acrobat Reader that is being actively exploited in the wild. The flaw, tracked as CVE-2026-34621, allows attackers to execute arbitrary code on affected systems.

This vulnerability is associated with improper memory handling, which can be triggered when a user opens a specially crafted malicious PDF file. Successful exploitation enables attackers to run malicious code with the privileges of the current user, potentially leading to full system compromise.

The vulnerability is particularly dangerous because it is already being actively exploited in real-world attacks. Threat actors are distributing weaponized PDF documents through phishing campaigns and other delivery mechanisms, targeting unsuspecting users.

Adobe has acknowledged the issue and released security updates to address the flaw. Systems that remain unpatched are at significant risk of compromise.

CVE IDSummaryCVSS Score
CVE-2026-34621Improper memory handling in Adobe Acrobat Reader allows arbitrary code execution via malicious PDF files.8.8 (High)

Affected Products

The vulnerability impacts the following products and versions for both Windows and macOS: –

  • Acrobat DC versions 26.001.21367 and earlier (Fixed in 26.001.21411)
  • Acrobat Reader DC versions 26.001.21367 and earlier (Fixed in 26.001.21411)
  • Adobe Acrobat 2024 versions:
    – 24.001.30356 and earlier (Windows, fixed in 24.001.30362)
    – 24.001.30356 and earlier (macOS, fixed in 24.001.30360)

Recommendation

Users and administrators are strongly advised to take the following actions immediately:

  • Update Adobe Acrobat Reader and Acrobat to the latest available version
  • Enable automatic updates to ensure timely patching
  • Avoid opening PDF files from untrusted or unknown sources

Failure to apply the security update may result in system compromise, data theft, or further lateral movement within the network.

Source

https://thehackernews.com/2026/04/adobe-patches-actively-exploited.html