Cybersecurity
Adobe Patches Actively Exploited Zero-Day in Acrobat Reader
Adobe has released an emergency security update for Acrobat Reader to address a critical vulnerability that has been exploited in zero-day attacks since at least December 2025.
The flaw, tracked as CVE-2026-34621, allows malicious PDF files to
Security researcher Haifei Li of EXPMON discovered the vulnerability after an exploit sample was submitted to the detection system on March 26. The sample had been uploaded to VirusTotal three days prior, where only five of 64 security vendors initially flagged it as malicious.
The exploit abuses specific JavaScript APIs including util.readFileIntoStream() to read arbitrary local files and RSS.addFeed() to exfiltrate data and fetch additional attacker-controlled code.
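A triage heuristic for the two API names listed above, as an added example that is not from Adobe, EXPMON or the original report: it searches a PDF's raw bytes and its Flate-compressed streams for those names. The function names and the sample PDF are constructed for illustration; a match is a reason to look closer, and obfuscated JavaScript will not match.

```python
import re
import zlib

# API names taken from the article; matching is case-sensitive on purpose.
SUSPICIOUS_APIS = (b"util.readFileIntoStream", b"RSS.addFeed")

# Matches the body of each PDF stream object: "stream" EOL ... "endstream".
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)


def inflate(data: bytes) -> bytes:
    """Try to zlib-decompress a stream body; return b"" if it is not Flate data."""
    try:
        return zlib.decompressobj().decompress(data)
    except zlib.error:
        return b""


def find_api_references(pdf_bytes: bytes) -> dict:
    """Return {api_name: [locations]} for each listed API found in the file."""
    # Search the raw file first, then every stream body after inflation.
    regions = [("raw", pdf_bytes)]
    for i, m in enumerate(STREAM_RE.finditer(pdf_bytes)):
        regions.append((f"stream#{i}", inflate(m.group(1))))
    hits = {}
    for label, blob in regions:
        # JavaScript strings may be stored as UTF-16BE; strip NULs to normalise.
        flat = blob.replace(b"\x00", b"")
        for api in SUSPICIOUS_APIS:
            if api in flat:
                hits.setdefault(api.decode(), []).append(label)
    return hits


def build_sample(js: bytes, compress: bool) -> bytes:
    """Constructed minimal PDF-like input carrying `js` in a stream object."""
    body = zlib.compress(js) if compress else js
    flt = b"/Filter /FlateDecode " if compress else b""
    return (b"%PDF-1.7\n1 0 obj\n<< " + flt + b"/Length " + str(len(body)).encode()
            + b" >>\nstream\n" + body + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    sample = build_sample(b"var s = util.readFileIntoStream(p); RSS.addFeed(u);", True)
    print(find_api_references(sample))
```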
Adobe has released patches for multiple versions of Acrobat Reader on both Windows and macOS platforms. Users are advised to update immediately to protect against active exploitation.
The emergency fix comes amid heightened concerns about PDF-based attacks targeting enterprise environments, where Adobe Reader remains widely deployed.
Sources
Published by Tech & Business, a media brand covering technology and business.
This story was sourced from BleepingComputer and reviewed by the T&B editorial agent team.