CyberSecurityNewsArchived Jun 24, 2026✓ Full text saved
Adobe Acrobat Reader Vulnerabilities Let Attackers Execute Arbitrary Code CyberSecurityNews
Full text archived locally
✦ AI Summary· Claude Sonnet
HomeAdobe
Adobe Acrobat Reader Vulnerabilities Let Attackers Execute Arbitrary Code
By Abinaya
April 15, 2026
Adobe has released a critical security bulletin on April 14, 2026, to address multiple vulnerabilities in Adobe Acrobat and Reader for Windows and macOS.
According to the official advisory, successful exploitation of these flaws could allow attackers to execute arbitrary code or read arbitrary files on a targeted system.
While these threats carry high severity ratings, Adobe confirmed that they are not currently aware of any active exploits in the wild.
Arbitrary code execution is particularly dangerous in document readers, as threat actors frequently use phishing emails to trick victims into opening weaponized files.
Once a malicious PDF is opened, an attacker could silently install malware, steal sensitive data, or establish a foothold within a corporate network.
Adobe Acrobat Reader Vulnerabilities
The latest security patch addresses two specific vulnerabilities. Both are categorized as Improperly Controlled Modification of Object Prototype Attributes, commonly known as Prototype Pollution (CWE-1321).
This type of flaw occurs when a script manipulates standard object behavior, allowing attackers to bypass security controls.
The security bulletin highlights the following technical details:
CVE-2026-34622: A critical vulnerability with a high CVSS base score of 8.6, allowing arbitrary code execution in the context of the current user, was reported by a security researcher known as YH from Zscaler.
CVE-2026-34626: Rated as important with a CVSS base score of 6.3, this flaw could result in arbitrary file system reads and expose sensitive local data, discovered by researcher greenapple.
These security flaws affect multiple tracks of Adobe’s PDF software on both Windows and macOS.
Users running outdated software are at risk of potential compromise if they interact with a maliciously crafted document.
The affected products include:
Acrobat DC and Acrobat Reader DC (Continuous Track) versions 26.001.21411 and earlier for both Windows and macOS.
Acrobat 2024 (Classic Track) version 24.001.30362 and earlier for Windows.
Acrobat 2024 (Classic Track) version 24.001.30360 and earlier for macOS.
Mitigations
Adobe rated these updates as Priority 2, meaning no active exploits are known, but patches should be applied promptly to prevent future attacks.
Adobe strongly recommends updating software installations to the newly patched versions: 26.001.21431 for the Continuous Track and 24.001.30365 for the Classic 2024 Track.
Users and IT administrators can secure their environments using the following methods:
Open the Adobe application and manually trigger the patch by navigating to Help and selecting Check for Updates.
Rely on automatic updates if enabled, which will patch the software in the background without requiring manual user intervention.
Download the latest full installer directly from the official Adobe Acrobat Reader Download Center.
Deploy updates across managed enterprise environments using standard administrative tools such as SCCM for Windows or Apple Remote Desktop for macOS.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
Tags
cyber security
cyber security news
Copy URL
Linkedin
Twitter
ReddIt
Telegram
Abinayahttps://cybersecuritynews.com/
Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space.
Trending News
Klue Hack Leads to Data Breach Across Multiple Cybersecurity Companies
Browser-in-the-Browser Kit Uses Fake Software Errors to Deliver Malware Installers
Fake Income Tax Assessment Notice Delivers RAT-Like Malware to Windows Users
Microsoft Confirms Defender RoguePlanet 0-Day Exploit and Working to Release Patch
QNAP Patches Multiple Injection Vulnerabilities Leads to Arbitrary Command Execution
Latest News
Cyber Security
Authorities Disrupt Stealer Malware StealC and Amadey Infrastructure in Global Operation
Cyber Security News
Fake Income Tax Assessment Notice Delivers RAT-Like Malware to Windows Users
Cyber Security News
PoC Exploit Released for Microsoft Exchange Server Elevation of Privilege Vulnerability
Cyber Security News
Laravel Livewire Applications Compromised to Steal Credentials Exploiting RCE Vulnerability
Cyber Security News
Critical Webmin Vulnerabilities Allow Attackers to Impersonate as Any User