Adobe released emergency patches for a critical Acrobat and Reader zero-day that has been exploited in the wild for several months. The vulnerability, tracked as CVE-2026-34621 with a CVSS score of 9.6, enables arbitrary code execution via improperly controlled prototype attribute modifications and affects Acrobat/Reader on Windows and macOS. #CVE-2026-34621 #AdobeAcrobat
Keypoints
- Adobe issued emergency patches to fix CVE-2026-34621 in Acrobat DC, Acrobat Reader DC, and Acrobat 2024.
- The vulnerability has a CVSS score of 9.6 and enables arbitrary code execution through prototype attribute modification.
- Exploitation has been observed in the wild since at least November 2025 based on exploit samples.
- Researcher Haifei Li discovered the zero-day via Expmon and published technical details and IoCs.
- Analysts suspect an APT using Russian-language lures tied to Russia's oil and gas sector.
Read More: https://www.securityweek.com/adobe-patches-reader-zero-day-exploited-for-months/