Recently, Adobe faced a security issue, wherein digital assailants have been exploiting a zero-day vulnerability in the Acrobat Reader using malicious PDF documents since December. However, when it was brought to its attention, Adobe said that it had released a security update yesterday that fixes the CVE-2026-34621 vulnerability.
The Security Researcher, Haifei Li (founder of the exploit-detection platform EXPMON), first discovered these attacks. According to Haifei, the attackers lure users to open the malicious PDF file, and once opened, it calls specifically “util.readFileIntoStream()” and “RSS.addFeed()” Acrobat APIs in order to read arbitrary files on the user"s local system and collect and send data to the attacker’s server. Furthermore, the threat actor can also launch subsequent RCE/SBX attacks to get full access to the victim’s system.
So, this is what I was busy working on.. A really interesting (and sophisticated) Adobe Reader PDF "fingerprinting" exploit involving zero-day and allowing to launch additional maybe RCE/SBX exploitation!https://t.co/k3Rmy8k4rS
— Haifei Li (@HaifeiLi) April 8, 2026
Also, the Cybersecurity Researcher Gi7w0rm investigated this vulnerability and found that the PDF documents used in these attacks contained Russian language references, subject to the ongoing events in the Russian oil and gas industry.
According to the Adobe Security Bulletin APSB26-43, the vulnerability CVE-2026-34621 is a severe critical threat that carries a CVSS base score of 8.4 (earlier 9.6) out of 10. Adobe mentioned that this ‘fingerprinting’ exploit is a case of prototype pollution that could result in Arbitrary code execution. Prototype pollution is a JavaScript security vulnerability that allows the threat actor to manipulate objects and properties of the application.
The affected products and versions for both Windows and macOS are:
- Acrobat DC versions 26.001.21367 and earlier (Fixed in 26.001.21411)
- Acrobat Reader DC versions 26.001.21367 and earlier (Fixed in 26.001.21411)
- Acrobat 2024 versions 24.001.30356 and earlier (Fixed in 24.001.30362 for Windows and 24.001.30360 for macOS)
It is recommended by Adobe to its users to update the above products to their latest updates to secure their systems. The users can either update their product installations manually, or the products will be updated automatically when the updates are detected.