Simply Opening a PDF Could Trigger This Adobe Reader Zero-Day
A newly discovered Adobe Acrobat Reader zero-day, tracked as CVE-2026-34621, can be exploited just by opening a malicious PDF — with no extra clicks or permissions needed.
The flaw has been actively exploited in the wild and can let attackers steal local files, contact a remote server, and in some cases pull in and run additional malicious code, potentially getting around Adobe’s sandbox protections.
According to the report, researchers found samples using the exploit dating back to November 11, 2025. Adobe has released emergency fixes for affected Acrobat and Reader versions on both Windows and macOS.
The main takeaway is simple: update immediately, and treat unexpected PDF attachments with extra caution — even after patching.
