Adobe Fixes Zero-Day Vulnerability in Acrobat Reader to Prevent Data Theft

Adobe has fixed a zero-day vulnerability in Acrobat Reader that was being actively exploited to steal data via PDFs. The vulnerability, tracked as CVE-2026-34621, was a high-priority target for attackers in the wild. A series of emergency patches has been released to prevent further exploitation.

Adobe issued an emergency patch on April 11, 2026 for CVE-2026-34621, a critical zero-day vulnerability in Acrobat Reader that was being actively exploited in the wild. The flaw — classified as a Prototype Pollution vulnerability — allows attackers to execute arbitrary code remotely when a victim opens a specially crafted PDF document. Evidence indicates the exploit had been deployed since December 2025, meaning attackers operated undetected for approximately four months before disclosure and remediation.

The vulnerability was discovered by security researcher Haifei Li of EXPMON after his team observed anomalous behavior in malicious PDFs circulating online. Adobe rated the fix as Priority 1 — its highest urgency classification — and published security bulletin APSB26-43 acknowledging active exploitation. Affected versions include Acrobat DC through v26.001.21367 and Acrobat 2024 through v24.001.30356, with fixes available in v26.001.21411 and v24.001.30362 respectively.
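As an added example (not code from Adobe, EXPMON or this article), the script below triages a software inventory against the version bounds quoted above. The inventory rows, hostnames and the track labels used as dictionary keys are constructed for illustration, and it assumes your inventory tool reports the product track alongside the version string.

```python
import re

# From the article: last affected and first fixed build per track (APSB26-43).
TRACKS = {
    "Acrobat DC":   {"last_affected": "26.001.21367", "fixed": "26.001.21411"},
    "Acrobat 2024": {"last_affected": "24.001.30356", "fixed": "24.001.30362"},
}
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")

def parse_version(text):
    """Return (major, minor, build) as ints, or None if the string is malformed."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def classify(track, version):
    """Classify one install as 'fixed', 'affected', 'below-fixed' or 'unknown'."""
    bounds = TRACKS.get(track)
    parsed = parse_version(version)
    if bounds is None or parsed is None:
        return "unknown"      # unlisted track or malformed version: review by hand
    if parsed >= parse_version(bounds["fixed"]):
        return "fixed"
    if parsed <= parse_version(bounds["last_affected"]):
        return "affected"
    return "below-fixed"      # build not named in the article; update anyway

def triage(inventory):
    """Return (host, track, version, status) for every install not yet fixed."""
    return sorted(
        (host, track, version, status)
        for host, track, version in inventory
        if (status := classify(track, version)) != "fixed"
    )

# Constructed sample inventory (hostnames and installed builds are made up).
SAMPLE_INVENTORY = [
    ("ws-001", "Acrobat DC", "26.001.21367"),
    ("ws-002", "Acrobat DC", "26.001.21411"),
    ("ws-003", "Acrobat 2024", "v24.001.30356"),
    ("ws-004", "Acrobat 2024", "24.001.30362"),
    ("ws-005", "Acrobat DC", "25.001.20432"),
    ("ws-006", "Acrobat DC", "26.001.21400"),
    ("ws-007", "Acrobat 2024", "24.1"),
]
if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(*row, sep="\t")
```

Versions are compared as integer tuples, so zero-padded fields such as `001` and older major versions on the same track sort correctly, which a plain string comparison does not guarantee.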

For ADBE, the incident reflects a recurring challenge: Acrobat Reader's near-ubiquitous enterprise install base makes it a perennial high-value target for attackers. While Adobe's emergency patch response should limit long-term reputational damage, the four-month exploitation window raises questions about the company's threat detection capabilities. Enterprises running unpatched versions during that period face potential regulatory scrutiny under data breach notification laws, depending on the sensitivity of documents accessed via malicious PDFs.
