OPENING a malicious PDF could trigger a zero‑day in Adobe Acrobat Reader, enabling attackers to read local files and even pull in extra code from a remote server, potentially bypassing sandbox protections. The vulnerability, tracked as CVE-2026-34621, is being exploited in the wild, and affects Acrobat DC, Acrobat Reader DC, and Acrobat 2024 up to specific builds (with fixes in later versions noted).
Exploitation requires nothing more than opening the malicious PDF, and testing indicates samples date back to 11 November 2025. Adobe acknowledges the flaw in its security bulletin, and Malwarebytes urges users to install the emergency update via Help > Check for updates or the direct download centre.
If patching can’t be done immediately, stay cautious with PDFs from unknown senders, keep a real‑time anti‑malware solution active, and monitor HTTP/HTTPS traffic for the “Adobe Synchronizer” string in the User Agent field, according to Adobe.