Adobe Patches Actively Exploited Acrobat Reader RCE CVE-2026-34621 | Security
Adobe has patched CVE 2026 34621 in Acrobat Reader after active exploitation since December 2025. The CVSS 8.6 flaw allows remote code execution via malicious…
Published on MyPrivateClaw
Apr 13, 2026, 8:37 AM UTC
Coverage date
Apr 13, 2026
Last updated
Apr 15, 2026, 10:24 AM UTC
News summary
A critical remote code execution vulnerability in Adobe Acrobat Reader — tracked as CVE 2026 34621 — has been under active exploitation since December 2025. Adobe released emergency patches on April 12, 2026, after confirming in the wild attacks. What Happened Adobe's April 2026 security bulletin describes CVE 2026 34621 as a use after free vulnerability in the PDF rendering engine. The flaw carries a CVSS score of 8.6 and affects Acrobat Reader DC and Acrobat 2024 on both Windows and macOS. Successful exploitation allows an attacker to execute arbitrary code with the privileges of the Acrobat process — typically the logged in user. The vulnerability was first exploited in targeted attacks in December 2025, according to Adobe's advisory. The attack vector is a maliciously crafted PDF delivered via email or downloaded from a compromised site. No user interaction beyond opening the file i…