Critical Adobe Acrobat Reader Flaws Let Attackers Run Code


Marcus Rodriguez
April 15, 2026

Key Takeaways

  • Adobe has released critical security patches for Acrobat and Reader on Windows and macOS.
  • Two vulnerabilities, CVE-2026-34622 and CVE-2026-34626, could enable arbitrary code execution or arbitrary file reads.
  • The most severe flaw, CVE-2026-34622, carries a CVSS score of 8.6, posing a significant risk.
  • All users of Adobe Acrobat and Reader, across both Continuous and Classic tracks, are affected.
  • Adobe has issued updates and strongly advises immediate patching, though no active exploits are currently known.

Critical Flaws in Adobe Acrobat and Reader Expose Users to Code Execution Risks

Adobe has issued an urgent security bulletin addressing several critical vulnerabilities within its widely used Acrobat and Reader software for both Windows and macOS platforms. Released on April 14, 2026, the patches target flaws that, if exploited, could allow malicious actors to execute arbitrary code or read sensitive files on a victim’s system.

While the identified threats are rated with high severity, Adobe has confirmed that there is no evidence of these vulnerabilities being actively exploited in the wild at this time. However, the potential for arbitrary code execution in document readers is particularly concerning, given the prevalence of phishing attacks that leverage weaponized files to compromise systems.

Should a user open a maliciously crafted PDF, an attacker could silently deploy malware, exfiltrate confidential data, or establish an initial foothold within an organizational network without immediate detection.

Technical Details of the Vulnerabilities

The recent security update specifically resolves two vulnerabilities, both categorized under “Improperly Controlled Modification of Object Prototype Attributes,” also known as Prototype Pollution (CWE-1321). This class of vulnerability arises when a script can unexpectedly alter the fundamental behavior of standard objects, potentially allowing attackers to bypass existing security mechanisms.
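As a generic illustration of CWE-1321 (an added example, not code from Adobe's advisory and not a reproduction of either Acrobat flaw, whose details the advisory does not give), the block below shows a recursive merge that lets untrusted JSON write to `Object.prototype`, next to a hardened merge that refuses the prototype-reaching keys. The function names and the `polluted` marker property are assumptions made for the example.

```javascript
// Added example: generic CWE-1321 illustration; all names are hypothetical.
const has = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// Weak: follows whatever key the input names, including "__proto__",
// so the recursion can end up writing into Object.prototype.
function unsafeMerge(target, source) {
  for (const key in source) {
    const val = source[key];
    if (val && typeof val === "object") {
      if (!target[key] || typeof target[key] !== "object") target[key] = {};
      unsafeMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Hardened: own keys only, prototype-reaching keys dropped, and nested
// targets must be own properties of the object being merged into.
const BLOCKED = new Set(["__proto__", "constructor", "prototype"]);
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED.has(key)) continue;
    const val = source[key];
    if (val && typeof val === "object" && !Array.isArray(val)) {
      if (!has(target, key) || target[key] === null || typeof target[key] !== "object") {
        target[key] = {};
      }
      safeMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Merge constructed untrusted input, then check whether an unrelated,
// freshly created object picked up the marker property.
function demo(mergeFn) {
  const untrusted = JSON.parse('{"theme":{"dark":true},"__proto__":{"polluted":"yes"}}');
  const settings = mergeFn({}, untrusted);
  const leaked = ({}).polluted;
  delete Object.prototype.polluted; // restore global state after the check
  return { dark: settings.theme.dark, leaked };
}

console.log("unsafe:", demo(unsafeMerge), "safe:", demo(safeMerge));
```

The same effect can be blocked more broadly by building containers with `Object.create(null)` or by freezing `Object.prototype` before untrusted script runs.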

The security advisory details the following specific flaws:

  • CVE-2026-34622: This critical vulnerability, with a CVSS base score of 8.6, allows arbitrary code execution in the context of the currently logged-in user. Security researcher YH from Zscaler is credited with reporting this flaw.
  • CVE-2026-34626: Rated as important with a CVSS base score of 6.3, this vulnerability could lead to arbitrary file system reads, potentially exposing sensitive local data. Researcher greenapple discovered this issue.

These security weaknesses impact multiple versions of Adobe’s PDF software across both Windows and macOS operating systems. Users operating with outdated software versions are at significant risk of compromise if they interact with a document designed to exploit these vulnerabilities.

Affected products and versions include:

  • Acrobat DC and Acrobat Reader DC (Continuous Track) versions 26.001.21411 and earlier, for both Windows and macOS.
  • Acrobat 2024 (Classic Track) version 24.001.30362 and earlier, for Windows.
  • Acrobat 2024 (Classic Track) version 24.001.30360 and earlier, for macOS.

What You Should Do

Adobe has assigned these updates a “Priority 2” rating, indicating that while no active exploits are confirmed, prompt patching is crucial to prevent future attacks. Users and IT administrators are strongly advised to update their software installations to the newly patched versions:

  • For the Continuous Track, update to version 26.001.21431.
  • For the Classic 2024 Track, update to version 24.001.30365.
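For fleet triage, the affected and fixed version numbers listed above can be applied to a software inventory. The following is an added example, not an Adobe tool: the inventory field names (`host`, `track`, `platform`, `version`) and the sample rows are assumptions, and the track is taken from the inventory rather than inferred from the version string.

```javascript
// Added example: thresholds are the version numbers quoted in the article.
const ADVISORY = {
  continuous: {
    fixed: "26.001.21431",
    affectedMax: { windows: "26.001.21411", macos: "26.001.21411" },
  },
  classic2024: {
    fixed: "24.001.30365",
    affectedMax: { windows: "24.001.30362", macos: "24.001.30360" },
  },
};
const own = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// Split "26.001.21411" into numbers so fields compare numerically, not as text.
function parseVersion(v) {
  if (typeof v !== "string" || !/^\d+\.\d+\.\d+$/.test(v)) return null;
  return v.split(".").map(Number);
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// row: { host, track, platform, version } (assumed inventory field names).
function classify(row) {
  const entry = own(ADVISORY, row.track) ? ADVISORY[row.track] : null;
  if (!entry || !own(entry.affectedMax, row.platform)) return "unknown-track";
  const installed = parseVersion(row.version);
  if (!installed) return "unparseable";
  if (compareVersions(installed, parseVersion(entry.fixed)) >= 0) return "patched";
  const max = parseVersion(entry.affectedMax[row.platform]);
  // Builds above the listed affected maximum but below the fixed build are
  // not described in the article, so they are flagged for manual review.
  return compareVersions(installed, max) <= 0 ? "affected" : "review";
}

// Constructed inventory rows for illustration only.
const INVENTORY = [
  { host: "ws-01", track: "continuous", platform: "windows", version: "26.001.21411" },
  { host: "ws-02", track: "continuous", platform: "macos", version: "26.001.21431" },
  { host: "ws-03", track: "classic2024", platform: "macos", version: "24.001.30362" },
  { host: "ws-04", track: "classic2024", platform: "windows", version: "24.001.30362" },
];
const triage = (rows) => rows.map((r) => ({ host: r.host, status: classify(r) }));
console.log(triage(INVENTORY));
```

Hosts reported as `review` or `unparseable` need a manual check against the vendor bulletin before they are counted as remediated.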

To secure your environment, consider the following mitigation steps:

  • Manually trigger the update process by opening your Adobe application, navigating to “Help,” and selecting “Check for Updates.”
  • Ensure automatic updates are enabled, allowing the software to patch itself in the background without user intervention.
  • Download the latest full installer directly from the official Adobe Acrobat Reader Download Center.
  • For managed enterprise environments, deploy updates using standard administrative tools such as SCCM for Windows or Apple Remote Desktop for macOS.
