The creative software company Adobe has been forced to release an emergency update to fix a zero-day vulnerability in Acrobat Reader and Acrobat that had been actively exploited for months by threat actors.
The flaw, identified as CVE-2026-34621, allowed an attacker to execute malicious code on the victim’s computer simply by having them open a manipulated PDF file. Something as common as opening a document could completely compromise the system.
According to the company and several cybersecurity researchers, the first signs of exploitation date back to November of last year, although the attacks may have started even earlier.
The vulnerability was discovered by researcher Haifei Li, who found a PDF specially crafted to exploit the flaw while analyzing malware samples in a detection environment.
Li is a renowned researcher who has worked at Fortinet, McAfee, Microsoft, and Check Point. He is the founder of Expmon, a vulnerability analysis system designed to detect file-based exploits.
A very real threat
Adobe has confirmed that the flaw was being used in real attack campaigns, not just in laboratory tests.
The issue affected the way Acrobat Reader handled certain internal program objects. By exploiting it, attackers could execute code on the victim’s system, steal information from the device, and prepare further attacks once they had access to the system.
Analyses suggest that this is not a massive, indiscriminate campaign but a series of more targeted attacks. Some of the malicious documents analyzed contained indications of content in Russian and references to specific sectors such as the energy industry, suggesting possible specific targets and strategically motivated attacks.
Adobe has already fixed the issue in the latest versions of Acrobat DC, Acrobat Reader DC, and Acrobat 2024. The company has urged all users to update their applications as soon as possible, as the vulnerability was being actively exploited and its risk level is high.
Security experts recommend users install the patch immediately, avoid opening PDF files from unknown sources, especially those received via email or messaging, and always keep the system’s security software up to date.
