A serious security issue in Adobe Acrobat Reader has prompted urgent action, as the company released emergency updates to address an actively exploited vulnerability.
Adobe confirmed that the flaw, tracked as CVE-2026-34621, carries a CVSS score of 8.6 out of 10.0. The vulnerability allows attackers to execute malicious code on affected systems, posing a significant risk to users.
The issue has been identified as a prototype pollution flaw, a type of JavaScript vulnerability that lets attackers manipulate application objects and properties. This can lead to arbitrary code execution when exploited.
The vulnerability affects both Windows and macOS versions of Acrobat products, including:
- Acrobat DC versions 26.001.21367 and earlier (fixed in 26.001.21411)
- Acrobat Reader DC versions 26.001.21367 and earlier (fixed in 26.001.21411)
- Acrobat 2024 versions 24.001.30356 and earlier (fixed in 24.001.30362 for Windows and 24.001.30360 for macOS)
Adobe stated it is “aware of CVE-2026-34621 being exploited in the wild,” highlighting the urgency of applying the latest patches.
The disclosure follows findings by security researcher Haifei Li, founder of EXPMON, who revealed that the flaw could be triggered through specially crafted PDF files. Opening such files in Acrobat Reader could execute malicious JavaScript code.
Evidence suggests that the vulnerability may have been exploited since December 2025.
“It appears that Adobe has determined the bug can lead to arbitrary code execution — not just an information leak,” EXPMON said in a post on X. “This aligns with our findings and those of other security researchers over the last few days.”
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream LinkedIn | The Mainstream Facebook | The Mainstream Youtube | The Mainstream Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
