ADOBE has issued an emergency update for Adobe Acrobat and Adobe Acrobat Reader on Windows and macOS to address CVE-2026-34621, a vulnerability Adobe says can be exploited to achieve arbitrary code execution when a crafted PDF is opened, with exploitation reported in the wild.
The affected builds include Acrobat DC (Continuous) 26.001.21367 and earlier, Acrobat Reader DC (Continuous) 26.001.21367 and earlier, and Acrobat 2024 (Classic 2024) 24.001.30356 and earlier; the patched builds are 26.001.21411 for the Continuous line, 24.001.30362 for Windows, and 24.001.30360 for macOS. According to the article, exploitation requires the user to open the malicious file locally, and researchers have noted possible use of privileged Acrobat JavaScript APIs during exploitation.
The post also notes that a PoC exploit appeared on Dark Web forums on 11 April 2026, and that Adobe stated it is aware of exploitation in the wild, which has driven prioritisation for patching across end-user fleets.