
Multiple Adobe Acrobat and Reader Flaws Enable Code Execution and Information Disclosure

endpoint-software-vulnerability, widely-deployed-product-advisory, initial-access-method
Updated April 15, 2026 at 08:02 AM | 2 sources

German authorities issued security advisories for Adobe Acrobat DC, Acrobat Reader DC, and Adobe Acrobat Reader covering multiple vulnerabilities that could allow information disclosure and arbitrary code execution. One advisory specifically warned that a flaw in Adobe Acrobat Reader could expose sensitive information and be leveraged for code execution, raising the risk of compromise when users open maliciously crafted PDF files.

A follow-up advisory expanded the scope to multiple vulnerabilities across Adobe’s Acrobat product line, indicating broader exposure for enterprise and end-user systems that rely on Adobe PDF software. Organizations using affected Adobe applications should prioritize vendor patches and review endpoint protections, as successful exploitation could give attackers access to data or the ability to run code on targeted systems.

Timeline

  1. Apr 15, 2026

    dCERT publishes Adobe Acrobat multiple vulnerabilities advisory 2026-1085

    dCERT published advisory 2026-1085 covering multiple vulnerabilities affecting Adobe Acrobat DC, Acrobat Reader DC, and Acrobat Reader.

  2. Apr 10, 2026

    dCERT publishes Adobe Acrobat Reader vulnerability advisory 2026-1027

    dCERT published advisory 2026-1027 for Adobe Acrobat Reader, warning that vulnerabilities could allow information disclosure and code execution.

Related Stories

Adobe Acrobat and Reader Flaws Enable Code Execution via Malicious Files

JPCERT/CC warned that multiple vulnerabilities in **Adobe Acrobat** and **Adobe Acrobat Reader** could lead to arbitrary code execution on both Windows and macOS, including flaws tracked in Adobe bulletins `APSB26-43` and `APSB26-44`. Adobe said exploitation of the `APSB26-43` issues has been confirmed, while JPCERT/CC noted it had not observed attacks in Japan at publication time and cautioned that broader abuse could follow as technical details spread. The affected products include **Adobe Acrobat DC Continuous**, **Adobe Acrobat Reader DC Continuous**, and **Adobe Acrobat 2024 Classic** up to the vulnerable versions identified by Adobe. JPCERT/CC urged organizations and users to update immediately to the latest patched releases, including `26.001.21431` for the DC Continuous branch and `24.001.30365` for Acrobat 2024 Classic, because opening maliciously crafted content may be enough to trigger remote code execution.

2 weeks ago
Adobe Acrobat Reader Prototype Pollution Flaws Enable Code Execution

Adobe disclosed two high-severity prototype pollution vulnerabilities in **Acrobat Reader** tracked as `CVE-2026-34621` and `CVE-2026-34622`. Both flaws can lead to arbitrary code execution in the context of the current user if a victim opens a malicious file, making user interaction a required condition for exploitation. Adobe classified both issues under `CWE-1321` and assigned CVSS v3.1 vectors indicating high impact to confidentiality, integrity, and availability. `CVE-2026-34621` affects Acrobat Reader versions `24.001.30356`, `26.001.21367`, and earlier, while `CVE-2026-34622` affects versions `26.001.21411`, `24.001.30360`, `24.001.30362`, and earlier. The disclosures indicate the vulnerabilities were reported to Adobe's PSIRT and published with advisory references, signaling that organizations using Acrobat Reader should identify exposed versions and prioritize updates to reduce the risk of malicious document-based compromise.

1 week ago
Multiple Vulnerabilities Disclosed in Foxit PDF Reader and Editor

German authorities published advisories for **multiple vulnerabilities** affecting **Foxit PDF Reader** and **Foxit PDF Editor**, indicating ongoing security issues across the vendor's desktop PDF products. The notices identify separate advisory entries, `2026-0914` and `2026-1256`, covering flaws in both **Reader** and **Editor** and signaling that organizations using Foxit software should review the affected versions and available vendor guidance. The repeated disclosures suggest a broader patch-management concern for enterprises that rely on Foxit for document handling, particularly because PDF applications are common targets for malicious document-based exploitation. Security teams should prioritize validating installed Foxit versions, applying relevant updates, and monitoring for suspicious PDF-related activity on endpoints where Foxit Reader or Editor is deployed.

6 days ago
