Adobe patches Acrobat and Reader zero-day exploited in the wild
Adobe has released an emergency security update for Acrobat and Acrobat Reader after confirming active exploitation of CVE-2026-34621. The flaw can lead to arbitrary code execution, which means a malicious file could run code on a victim’s device if the attack succeeds.
The bug affects Adobe Acrobat DC, Acrobat Reader DC, and Acrobat 2024 on Windows and macOS. Adobe says users should move to the latest patched builds as soon as possible, and it has assigned the update a Priority 1 rating.
CVE-2026-34621 is a prototype pollution issue tracked under CWE-1321. Adobe rates it as critical, while the published CVSS v3.1 score now stands at 8.6 after the company revised the attack vector from Network to Local on April 12, 2026.
Why this flaw matters
The attack still needs user interaction. According to Adobe and NVD, a victim must open a malicious file for exploitation to happen, which makes phishing emails and weaponized PDF attachments the most likely delivery method.
That does not make the bug minor. Acrobat and Reader remain deeply embedded in business workflows, so even a user-assisted exploit can create a serious entry point into enterprise environments, especially when attackers disguise PDFs as invoices, legal notices, or internal documents.
Adobe’s advisory also clarifies the exact versions at risk. Acrobat DC and Acrobat Reader DC version 26.001.21367 and earlier are affected, along with Acrobat 2024 version 24.001.30356 and earlier.
Patched versions and affected builds
| Product | Affected versions | Patched version |
|---|---|---|
| Acrobat DC | 26.001.21367 and earlier | 26.001.21411 |
| Acrobat Reader DC | 26.001.21367 and earlier | 26.001.21411 |
| Acrobat 2024 | 24.001.30356 and earlier | Windows: 24.001.30362, macOS: 24.001.30360 |
Patch details come directly from Adobe’s APSB26-43 bulletin.
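To apply the table above across a fleet, the following Python is an added example, not Adobe's tooling or code from this article. It compares installed builds numerically against the patched versions, including the separate Windows and macOS builds for Acrobat 2024. The hostnames and inventory rows are constructed, and treating every build below the patched one as needing the update is an assumption.

```python
import re

# First patched build per (track, platform), taken from the table above (APSB26-43).
FIXED = {
    ("DC", "windows"): (26, 1, 21411),
    ("DC", "macos"): (26, 1, 21411),
    ("2024", "windows"): (24, 1, 30362),
    ("2024", "macos"): (24, 1, 30360),
}
PRODUCT_TRACK = {
    "acrobat dc": "DC",
    "acrobat reader dc": "DC",
    "acrobat 2024": "2024",
}

def parse_version(text):
    """Turn '26.001.21367' into (26, 1, 21367) so leading zeros compare correctly."""
    match = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not match:
        raise ValueError(f"unrecognized version string: {text!r}")
    return tuple(int(part) for part in match.groups())

def classify(product, platform, version):
    """Return 'patched', 'vulnerable', or 'unknown' for one installation."""
    track = PRODUCT_TRACK.get(product.strip().lower())
    fixed = FIXED.get((track, platform.strip().lower()))
    if fixed is None:
        return "unknown"  # product or platform not covered by the bulletin table
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"  # inventory gap: needs manual follow-up, not a pass
    # Assumption: any build below the patched one needs the update.
    return "patched" if installed >= fixed else "vulnerable"

# Constructed inventory rows: (host, product, platform, installed version).
INVENTORY = [
    ("fin-ws-01", "Acrobat Reader DC", "windows", "26.001.21367"),
    ("legal-mac-02", "Acrobat 2024", "macos", "24.001.30360"),
    ("hr-ws-03", "Acrobat 2024", "windows", "24.001.30360"),
    ("exec-mac-04", "Acrobat DC", "macos", "26.001.21411"),
    ("lab-ws-05", "Acrobat Reader DC", "windows", "not reported"),
]

def triage(inventory):
    return {host: classify(prod, plat, ver) for host, prod, plat, ver in inventory}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

Build 24.001.30360 counts as patched on macOS but not on Windows, which is why the check keys on platform as well as product.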
What admins and users should do now
Organizations should treat this as a fast-turn patching issue because Adobe has already confirmed in-the-wild exploitation. Security teams should also review recent emails and downloads involving PDF attachments, especially if they came from unknown or unexpected sources.
IT teams in managed environments can deploy the update through their standard software management tools. Adobe says end users can also update manually through Help > Check for Updates, while automatic updates will install when the products detect them.
The practical priority is simple. Patch first, then reduce exposure from suspicious PDFs through mail filtering, user awareness reminders, and endpoint monitoring.
Immediate actions
- Update Acrobat and Reader to the fixed versions
- Review email controls for suspicious PDF attachments
- Warn staff not to open unexpected PDF files
- Check security tools for unusual Acrobat or Reader activity
- Prioritize endpoints used for finance, legal, HR, and executive workflows
FAQ
What is CVE-2026-34621?
It is a zero-day vulnerability in Adobe Acrobat and Acrobat Reader. Adobe says the flaw can lead to arbitrary code execution.
Is CVE-2026-34621 being exploited in the wild?
Yes. Adobe states that it is aware of CVE-2026-34621 being exploited in the wild.
Does exploitation require user interaction?
Yes. The victim must open a malicious file for the exploit to work.
Which versions contain the fix?
Adobe lists 26.001.21411 for Acrobat DC and Acrobat Reader DC, plus 24.001.30362 for Acrobat 2024 on Windows and 24.001.30360 on macOS.