Adobe Acrobat and Reader Zero Day Vulnerability

Adobe Acrobat and Reader zero-day under active exploitation
Adobe has released emergency updates to address CVE-2026-34621, an actively exploited prototype pollution vulnerability affecting Adobe Acrobat and Reader.
Successful exploitation requires user interaction, but the risk is still serious because a victim only needs to open a malicious PDF for code to run in the context of the current user.
Overview
CVE: CVE-2026-34621
Severity: High
CVSS: 8.6
Affected products: Acrobat DC, Acrobat Reader DC, Acrobat 2024
Platforms: Windows and macOS
Vendor advisory date: 11 April 2026
Threat status: Actively exploited in the wild
Affected Versions
Acrobat DC continuous version 26.001.21367 and earlier
Fixed in: 26.001.21411
Acrobat Reader DC continuous version 26.001.21367 and earlier
Fixed in: 26.001.21411
Acrobat 2024 for Windows version 24.001.30356 and earlier
Fixed in: 24.001.30362
Acrobat 2024 for macOS version 24.001.30356 and earlier
Fixed in: 24.001.30360
Vulnerability Breakdown
CVE-2026-34621 - Prototype pollution leading to arbitrary code execution
Severity: High
CVSS: 8.6
Description: Adobe has identified an improperly controlled modification of object prototype attributes, also known as prototype pollution, in Acrobat and Reader.
Impact: A malicious PDF may trigger arbitrary code execution in the context of the current user.
Conditions: User interaction is required. The victim must open a malicious file.
Notes: Adobe has confirmed exploitation in the wild. The vulnerability has also been added to CISA's Known Exploited Vulnerabilities catalog.
Mitigation
Apply the latest Adobe security updates immediately.
Prioritise endpoints that regularly open externally sourced PDF files.
Instruct users not to open unexpected or untrusted PDF attachments until patching is confirmed.
Monitor endpoints for suspicious behaviour involving Acrobat or Reader launching unexpected child processes or unusual outbound web requests.
Validate patch deployment across both Windows and macOS estates.
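To support the patch validation step above, the following added example (not Adobe's or Secure ISS's own tooling) checks an exported software inventory against the fixed builds listed under Affected Versions. The CSV columns, hostnames, track labels and sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Fixed builds copied from the advisory, keyed by (track, platform).
FIXED = {
    ("continuous", "windows"): "26.001.21411",
    ("continuous", "macos"): "26.001.21411",
    ("2024", "windows"): "24.001.30362",
    ("2024", "macos"): "24.001.30360",
}

# Constructed sample inventory; hostnames and column names are assumptions.
SAMPLE_INVENTORY = """host,platform,track,version
ws-001,Windows,continuous,26.001.21367
ws-002,Windows,continuous,26.001.21411
mac-001,macOS,2024,24.001.30360
ws-003,Windows,2024,24.001.30360
mac-002,macOS,continuous,25.001.20997
ws-004,Windows,continuous,not-installed
"""

def parse_version(text):
    """Turn 'YY.NNN.BBBBB' into a tuple of ints so comparison is numeric."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in parts)

def assess(platform, track, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one install."""
    fixed = FIXED.get((track.strip().lower(), platform.strip().lower()))
    if fixed is None:
        return "unknown"  # track/platform pair not listed in the advisory
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"  # unparseable data needs manual follow-up
    return "patched" if installed >= parse_version(fixed) else "vulnerable"

def audit(inventory_csv):
    """Map each host to its status from CSV text with the columns above."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: assess(r["platform"], r["track"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Note that build 24.001.30360 counts as patched on macOS but still vulnerable on Windows, because the Acrobat 2024 fixed builds differ by platform.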
Summary for IT Teams
Products: Adobe Acrobat DC, Adobe Acrobat Reader DC, Adobe Acrobat 2024
Threat Level: High, CVSS 8.6, actively exploited
Action Required: Deploy the latest patched versions as a priority, warn users about untrusted PDF attachments, and monitor for suspicious post-open activity on affected endpoints.
Need Help?
If your organisation needs help assessing exposure, validating patch coverage, or monitoring for related activity, contact Secure ISS on 1300 769 460.

