**Adobe** has released an emergency security update for **Acrobat Reader** to fix a vulnerability, tracked as **CVE-2026-34621**, that has been exploited in zero-day attacks since at least December. ### Vulnerability Details The flaw allows malicious PDF files to bypass sandbox restrictions and invoke privileged JavaScript APIs, potentially leading to arbitrary code execution. The exploit observed in attacks enables reading and stealing arbitrary files. No user interaction is required beyond opening the malicious PDF. Specifically, the exploit abuses APIs like `util.readFileIntoStream()` to read arbitrary local files and `RSS.addFeed()` to exfiltrate data and fetch additional attacker-controlled code. ### Discovery The security issue was discovered by **Haifei Li**, founder of the **EXPMON** exploit detection system, after someone submitted for analysis a PDF sample named "*yummy_adobe_exploit_uwu.pdf*." **Haifei Li** says that someone submitted the sample to **EXPMON** on March 26, but it had been sent to **VirusTotal** three days before, where only five out of 64 security vendors flagged it as malicious at the time. The researcher decided to manually investigate the issue after the exploit detection system activated its "detection in depth" feature, an advanced detection capability **Haifei Li** specifically developed for **Adobe Reader**, he says in a [blog post](https://justhaifei1.blogspot.com/) last week. Security researcher Gi7w0rm in the wild that leveraged Russian-language documents with oil and gas industry lures. ### Adobe's Response Following the receipt of Li’s report, **Adobe** published a [security bulletin](https://helpx.adobe.com/security/products/acrobat/apsb26-43.html) over the weekend, assigning the vulnerability the **CVE-2026-34621** tracker. Although the flaw was initially rated critical (9.6) with a network attack vector, **Adobe** subsequently lowered the severity to 8.6 after changing the vector to local. ### Affected Products The vendor listed the following Windows and macOS products as impacted: * Acrobat DC versions 26.001.21367 and earlier (fixed in version 26.001.21411) * Acrobat Reader DC versions 26.001.21367 and earlier (fixed in version 26.001.21411) * Acrobat 2024 versions 24.001.30356 and earlier (fixed in version 24.001.30362 on Windows, and version 24.001.30360 on Mac) ### Remediation **Adobe** recommends that users of the above software update their applications through ‘Help > Check for Updates,’ which triggers an automated update. Alternatively, users may download an **Acrobat Reader** installer from **Adobe’s** [official software portal](https://get.adobe.com/reader). No workarounds or mitigations were listed in the bulletin, so applying the security updates is the only recommended action. However, users should always be wary of PDF files sent from unsolicited sources and open them in sandboxed environments when suspicious.