securityonline.info 5/28/2026, 2:01:13 AM · external

New Critical Flaw Discovered in Atril Document Viewer

CyberSIXT Evidence Panel
Primary Source: github.com
CISA KEV: Not in KEV
Patch Status: Unknown

The article highlights a critical security vulnerability in the Atril document viewer, tracked as CVE-2026-46529. The flaw allows attackers to execute arbitrary code through a single-click Remote Code Execution (RCE) exploit delivered via malicious PDF documents. The vulnerability stems from improper argument handling that fails to sanitize user input, specifically in the `ev_spawn` function.

Affected systems include various Linux distributions that use the MATE desktop environment (e.g., Ubuntu MATE, Fedora MATE). Users are advised to avoid clicking unverified links, monitor file associations, and promptly apply software updates to mitigate the threat. Researchers have published details and exploit code, raising concerns about the broad implications of this vulnerability.


Article by CyberSIXT