Adobe patches exploited Reader zero-day CVE-2026-34621 [developing]
Key Questions
What is CVE-2026-34621 in Adobe Reader?
CVE-2026-34621 is a prototype pollution remote code execution (RCE) vulnerability in PDFs with a CVSS score of 8.6. It has been actively exploited since November 2025.
Which Adobe products are affected and what patches are available?
The vulnerability affects Acrobat DC, Reader, and 2024 versions. Adobe released patches on April 11 to versions 26.001.21411 and 24.001.30362.
Who is being targeted by exploits of this vulnerability?
Attackers are persistently targeting victims using this zero-day and prior ones, often through phishing campaigns aimed at the oil and gas sector. Continued warnings are issued along with EXPMON IOCs and Massaro's analysis.
Prototype pollution RCE in PDFs (CVSS 8.6, exploited since Nov2025); patch Acrobat DC/Reader/2024 April11 (v26.001.21411/24.001.30362); EXPMON IOCs, Massaro analysis, persistent targeting w/ prior zero-days, phishing oil/gas; continued warnings.