Adobe Acrobat and Reader Arbitrary Code Execution Vulnerability Exploited in the Wild (CVE-2026-34621)

Adobe has released security updates to address CVE-2026-34621, a critical arbitrary code execution vulnerability actively exploited in the wild within Adobe Acrobat and Reader. Discovered by EXPMON, this prototype pollution flaw allows attackers to manipulate application objects, read arbitrary local files, and exfiltrate data via compromised APIs. Successful exploitation enables system fingerprinting, data theft, and the delivery of additional malicious code for remote code execution or sandbox escape. CISA has added this vulnerability to its Known Exploited Vulnerabilities Catalog, mandating immediate action. Affected versions include Acrobat DC Continuous and 2024 Classic on Windows and macOS. Users are urged to patch to versions 26.001.21411 or later immediately. Qualys provides detection via QID 387005. Organizations should prioritize remediation to prevent unauthorized access and data compromise stemming from this widely used PDF viewer vulnerability.

Adobe released a security update to address an actively exploited vulnerability impacting Adobe Acrobat and Reader. Tracked as CVE-2026-34621, the vulnerability may allow an attacker to run malicious code on affected installations. Haifei Li from EXPMON discovered and reported the vulnerability to Adobe. CISA acknowledged the active exploitation of the vulnerability by adding it to its Known Exploited Vulnerabilities Catalog. CISA urges users to patch the vulnerability before April 27, … Continue reading "Adobe Acrobat and Reader Arbitrary Code Execution Vulnerability Exploited in the Wild (CVE-2026-34621)"

Adobe has released security updates to address CVE-2026-34621, a critical arbitrary code execution vulnerability actively exploited in the wild within Adobe Acrobat and Reader. Discovered by EXPMON, this prototype pollution flaw allows attackers to manipulate application objects, read arbitrary local files, and exfiltrate data via compromised APIs. Successful exploitation enables system fingerprinting, data theft, and the delivery of additional malicious code for remote code execution or sandbox escape. CISA has added this vulnerability to its Known Exploited Vulnerabilities Catalog, mandating immediate action. Affected versions include Acrobat DC Continuous and 2024 Classic on Windows and macOS. Users are urged to patch to versions 26.001.21411 or later immediately. Qualys provides detection via QID 387005. Organizations should prioritize remediation to prevent unauthorized access and data compromise stemming from this widely used PDF viewer vulnerability. Adobe released a security update to address an actively exploited vulnerability impacting Adobe Acrobat and Reader. Tracked as CVE-2026-34621, the vulnerability may allow an attacker to run malicious code on affected installations. Haifei Li from EXPMON discovered and reported the vulnerability to Adobe. CISA acknowledged the active exploitation of the vulnerability by adding it to its Known Exploited Vulnerabilities Catalog. CISA urges users to patch the vulnerability before April 27, … Continue reading "Adobe Acrobat and Reader Arbitrary Code Execution Vulnerability Exploited in the Wild (CVE-2026-34621)" Adobe released a security update to address an actively exploited vulnerability impacting Adobe Acrobat and Reader. Tracked as CVE-2026-34621, the vulnerability may allow an attacker to run malicious code on affected installations. Haifei Li from EXPMON discovered and reported the vulnerability to Adobe. CISA acknowledged the active exploitation of the vulnerability by adding it to its Known Exploited Vulnerabilities Catalog . CISA urges users to patch the vulnerability before April 27, 2026. Adobe Acrobat Reader is a free, widely used application for viewing, printing, signing, sharing, and annotating PDF files on desktop and mobile devices. It serves as the standard, trusted PDF viewer, allowing users to fill out forms and collaborate on documents, while premium subscriptions are needed for advanced editing features. Vulnerability Details The vulnerability originates from a pollution prototype flaw that could lead to arbitrary code execution. Prototype pollution is a JavaScript security vulnerability that allows an attacker to manipulate an application’s objects and properties. Haifei Li described the technical details of the vulnerability in a blog post. The company states that they called the “ util.readFileIntoStream() ” API. The API allows attackers to read arbitrary files (accessible by the sandboxed Reader process) on the local system. In this way, it can collect a wide range of information from the local system and steal local file data. The “RSS.addFeed()” API that contains util.readFileIntoStream()” API is called to serve two purposes: Sending the information collected from the local system to a remote server. Receiving additional JavaScript code to be executed. This mechanism allows the threat actor to collect user information, steal local data, perform advanced “fingerprinting”, and launch future attacks. If the target meets the attacker’s conditions, the attacker may deliver additional exploits to achieve RCE or SBX. Affected versions Product Track Affected Versions Platform Acrobat DC Continuous 26.001.21367 and earlier Windows & macOS Acrobat Reader DC Continuous 26.001.21367 and earlier Windows & macOS Acrobat 2024 Classic 2024 24.001.30356 and earlier Windows & macOS Mitigation Adobe released the following security updates to patch the vulnerability: Product Track Updated Versions Platform Acrobat DC Continuous 26.001.21411 Windows & macOS Acrobat Reader DC Continuous 26.001.21411 Windows & macOS Acrobat 2024 Classic 2024 Windows: 24.001.30362 Mac: 24.001.30360 Windows & macOS For more information, please refer to the Adobe Security Advisory (APSB26-43) . Qualys Detection Qualys customers can scan their devices with QID 387005 to detect vulnerable assets. Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities. References https://helpx.adobe.com/security/products/acrobat/apsb26-43.html https://justhaifei1.blogspot.com/2026/04/expmon-detected-sophisticated-zero-day-adobe-reader.html