SecurityWeek reports that reputable researcher Haifei Li has identified what appears to be an actively exploited Adobe Reader zero-day vulnerability. The exploit was detected by Expmon and is said to be capable of collecting and leaking data, potentially followed by remote code execution and sandbox escape exploits. Li, who has worked at Fortinet, Microsoft, McAfee and Check Point, is asking the cybersecurity community for assistance in investigating the sophisticated PDF attack.
SecurityWeek notes that the exploit has been confirmed to work against the latest version of Adobe Reader, and that exploits have been submitted to Expmon and VirusTotal. One sample was submitted to VirusTotal in November 2025, indicating the vulnerability has been exploited for at least four months. Adobe has been contacted for assessment, but according to the article the company only received details around 7 April.
The piece also mentions that Adobe has not confirmed in-the-wild exploitation of a Reader vulnerability discovered in 2024 and tracked as CVE-2024-41869, as reported by the publication on 9 April 2026.