************Adobe patches exploited Reader zero-day CVE-2026-34621** [developing]
Key Questions
What is CVE-2026-34621 in Adobe Acrobat Reader?
CVE-2026-34621 is a prototype pollution remote code execution (RCE) vulnerability in PDFs, with a CVSS score of 8.6. It allows attackers to execute arbitrary code by processing malicious PDF files.
Has CVE-2026-34621 been exploited in the wild?
Yes, the vulnerability has been actively exploited since December 2025. Adobe confirmed real-world attacks, marking it as a zero-day issue patched after months of exploitation.
How can users protect themselves from this Adobe Reader vulnerability?
Adobe released patches for Acrobat DC, Reader, and Acrobat 2024 on April 11, 2026. Users should immediately update to the latest versions and exercise caution with PDF files from untrusted sources, especially in phishing campaigns targeting oil and gas sectors.
Prototype pollution RCE in PDFs (CVSS 8.6, exploited since Dec2025); patch Acrobat DC/Reader/2024 April11; persistent targeting w/ prior zero-days, phishing oil/gas.