Adobe has issued emergency updates to address a severe vulnerability in its Acrobat and Reader applications, known to have been exploited in the wild for several months. The flaw, identified as CVE-2026-34621, has been given a high severity rating with a CVSS score of 9.6.
Details of the Vulnerability
The critical vulnerability stems from improperly controlled modification of object prototype attributes, a bug class commonly called prototype pollution, which allows attackers to execute arbitrary code. It affects Acrobat and Reader on both Windows and macOS. The patches are available in version 26.001.21411 of Acrobat DC and Acrobat Reader DC, as well as versions 24.001.30362 and 24.001.30360 of Acrobat 2024.
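An added example, not from Adobe or the article: a fleet version check against the fixed builds quoted above. The inventory rows and track labels are constructed, and because the article does not say which Acrobat 2024 build belongs to which platform, builds that fall between the two are flagged for manual verification rather than passed.

```python
import re

# Fixed builds as quoted in the article, keyed by product track.
# The track labels "DC" and "2024" are this example's own naming (assumption).
FIXED = {
    "DC": [(26, 1, 21411)],
    "2024": [(24, 1, 30360), (24, 1, 30362)],
}

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)", re.ASCII)


def parse_version(text):
    """Turn 'YY.NNN.BBBBB' into a tuple of ints so builds compare numerically."""
    match = _VERSION.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def classify(track, version):
    """Return patched, vulnerable, verify-platform, unknown-track or unparseable."""
    fixed = FIXED.get(track)
    if fixed is None:
        return "unknown-track"
    try:
        installed = parse_version(version)
    except ValueError:
        return "unparseable"
    if installed >= max(fixed):
        return "patched"
    if installed < min(fixed):
        return "vulnerable"
    # Two fixed builds are listed for this track without a platform mapping,
    # so a build between them cannot be cleared from the version alone.
    return "verify-platform"


def audit(inventory):
    """Return (host, status) for every row that is not confirmed patched."""
    rows = ((host, classify(track, version)) for host, track, version in inventory)
    return [(host, status) for host, status in rows if status != "patched"]


# Constructed inventory: (host, track, installed version).
SAMPLE_INVENTORY = [
    ("ws-001", "DC", "26.001.21411"),
    ("ws-002", "DC", "25.001.20997"),
    ("mac-07", "2024", "24.001.30360"),
    ("ws-114", "2024", "24.001.30362"),
    ("kiosk-3", "DC", "not installed"),
]
```

Calling `audit(SAMPLE_INVENTORY)` lists the hosts that still need attention; rows marked `verify-platform` should be checked against Adobe's bulletin for the host's operating system.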
Discovery and Reporting
The vulnerability was reported by Haifei Li, a distinguished researcher and founder of Expmon, a sandbox system that identifies file-based exploits. Li discovered the zero-day while analyzing a sophisticated PDF exploit uploaded to Expmon. Although the exploit was initially designed for information gathering, Li warned that it could progress to remote code execution and even sandbox escapes.
Exploitation and Attribution
Adobe confirmed that exploitation of this vulnerability could lead to code execution rather than just data exposure. Analysis of samples on VirusTotal suggests that exploitation began as early as November 2025. An advanced persistent threat (APT) group is suspected to be behind the attacks, with malicious PDFs using Russian-language lures related to current events in the energy sector.
Further information about the attackers may be revealed as cybersecurity experts continue to investigate. Li and other researchers have released technical details and indicators of compromise (IoCs) to help defenders identify potential exploitation.
