Critical Remote Code Execution in Adobe Acrobat Reader (CVE‑2026‑34621) Actively Exploited
What It Is – Adobe disclosed a critical memory‑corruption flaw in Acrobat Reader that allows remote code execution (RCE) when a malicious PDF is opened. The vulnerability (CVE‑2026‑34621) has a CVSS v3.1 base score of 8.6.
Exploitability – Exploits are observed in the wild; threat actors are delivering crafted PDFs via phishing and compromised websites. No public PoC is required – the exploit chain is fully automated.
Affected Products – Adobe Acrobat Reader DC 2024.x and earlier on Windows, macOS, and Linux. Enterprise deployment tools that push the Reader to endpoints are also impacted.
TPRM Impact – A compromised third‑party document viewer can become a foothold for lateral movement across a supply‑chain network, exposing confidential data and enabling ransomware deployment. Vendors that embed Acrobat Reader in their solutions inherit the same risk.
Recommended Actions –
- Deploy Adobe’s emergency update (version 2024.009.20071 or later) across all endpoints immediately.
- Enforce PDF sandboxing or disable JavaScript in Acrobat Reader where feasible.
- Conduct a rapid inventory of all third‑party applications that bundle Acrobat Reader and verify they are patched.
- Update incident‑response playbooks to include malicious‑PDF detection and containment.
- Communicate the patch requirement to all SaaS partners that rely on Adobe PDF rendering.
Source: The Hacker News