Adobe Releases Security Update to Address a Vulnerability in Acrobat and Reader
CVE‑2026‑34621 could allow arbitrary code execution via malicious PDF files opened in vulnerable Adobe Acrobat or Reader installations.
Summary
CVE‑2026‑34621 could allow arbitrary code execution via malicious PDF files opened in vulnerable Adobe Acrobat or Reader installations.
Affected platforms
The following platforms are known to be affected:
Threat details
CVE-2026-34621 under active zero-day exploitation
Adobe has confirmed that CVE‑2026‑34621 is being actively exploited in the wild, with publicly reported zero‑day exploitation activity.
The NHS England National CSOC assesses that further exploitation is highly likely.
Introduction
Adobe has released one security bulletin to address a high severity vulnerability in Adobe Acrobat and Reader.
- CVE‑2026‑34621 – An 'improperly controlled modification of object prototype attributes' vulnerability – CVSS v3.1: 8.6
Successful exploitation could allow arbitrary code execution in the context of the current user, potentially leading to full system compromise.
Remediation advice
Affected organisations are strongly encouraged to review Adobe Security Bulletin APSB26‑43 and apply the relevant security updates as soon as possible.
Definitive source of threat updates
Last edited: 13 April 2026 2:37 pm