Adobe Patches Acrobat Reader Zero-Day (CVE-2026-34621) Exploited in the Wild Since December 2025
Summary
Adobe has released an emergency security update to address CVE-2026-34621, a critical zero-day vulnerability in Adobe Acrobat and Acrobat Reader for both Windows and macOS. The flaw — a prototype pollution vulnerability in the JavaScript engine — has been actively exploited in the wild since at least December 2025, meaning attackers had roughly four months of free exploitation before a patch landed.
The attack is straightforward: victims open a malicious PDF file, and the exploit achieves arbitrary code execution on the target system. Security researcher Haifei Li initially reported the vulnerability, which can lead to full system compromise. CISA has added CVE-2026-34621 to its Known Exploited Vulnerabilities catalog, setting an April 27, 2026 deadline for federal agencies to apply fixes.
Patched versions: Acrobat DC/Reader DC 26.001.21411 (Windows/macOS), Acrobat 2024 24.001.30362 (Windows) and 24.001.30360 (macOS). Adobe’s broader April update covered 61 CVEs across 12 bulletins.
Sources
- The Hacker News — Adobe patches actively exploited Acrobat flaw
- SecurityWeek — Adobe patches Reader zero-day exploited for months
- Help Net Security — Adobe emergency fix for CVE-2026-34621
Commentary
Four months of active exploitation before a patch. That’s the headline that should worry everyone. PDF files remain one of the most ubiquitous document formats in business, and Acrobat Reader is installed on hundreds of millions of machines. A prototype pollution bug that achieves RCE via a simple “open this PDF” attack is a phishing operator’s dream.
The December-to-April exploitation window raises questions about Adobe’s vulnerability response timeline. Whether this was a discovery lag, a patching complexity issue, or something else, four months of known in-the-wild exploitation is too long for a product this widely deployed. If you haven’t updated yet, do it now — and consider whether your organization’s PDF handling policies need tightening.
