
Adobe Acrobat and Reader Flaws Enable Code Execution via Malicious Files

endpoint-software-vulnerability, widely-deployed-product-advisory, actively-exploited-vulnerability
Updated April 15, 2026 at 04:03 AM (2 sources)

JPCERT/CC warned that multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader could lead to arbitrary code execution on both Windows and macOS, including flaws tracked in Adobe bulletins APSB26-43 and APSB26-44. Adobe said exploitation of the APSB26-43 issues has been confirmed, while JPCERT/CC noted it had not observed attacks in Japan at publication time and cautioned that broader abuse could follow as technical details spread.

The affected products include Adobe Acrobat DC Continuous, Adobe Acrobat Reader DC Continuous, and Adobe Acrobat 2024 Classic up to the vulnerable versions identified by Adobe. JPCERT/CC urged organizations and users to update immediately to the latest patched releases, including 26.001.21431 for the DC Continuous branch and 24.001.30365 for Acrobat 2024 Classic, because opening maliciously crafted content may be enough to trigger remote code execution.
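A triage of an endpoint software inventory against the two fixed builds named above, as an added example that is not code from JPCERT/CC, Adobe or the original page. The CSV column names, the track labels and the inventory rows are constructed assumptions; only the two patched version numbers come from the advisory text.

```python
import csv
import io

# Fixed builds quoted in the advisory text, keyed by release track.
# The track labels are an assumption about how the inventory names them.
PATCHED = {
    "DC Continuous": (26, 1, 21431),
    "2024 Classic": (24, 1, 30365),
}

# Constructed sample inventory (hosts and installed versions are illustrative).
SAMPLE_INVENTORY = """\
host,product,track,version
ws-001,Acrobat Reader,DC Continuous,26.001.21411
ws-002,Acrobat Reader,DC Continuous,26.001.21431
mac-003,Acrobat,2024 Classic,24.001.30362
mac-004,Acrobat,2024 Classic,24.001.30365
ws-005,Acrobat,2020 Classic,20.005.30748
ws-006,Acrobat Reader,DC Continuous,26.1.x
"""

def parse_version(text):
    """Turn '26.001.21411' into (26, 1, 21411); return None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(inventory_csv):
    """Return (host, version, status) for every inventory row."""
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        fixed = PATCHED.get(row["track"])
        installed = parse_version(row["version"])
        if fixed is None:
            status = "UNKNOWN_TRACK"   # track not covered by the builds above
        elif installed is None:
            status = "UNPARSEABLE"     # needs manual review, never assume patched
        elif installed < fixed:
            status = "NEEDS_UPDATE"    # below the patched release for its track
        else:
            status = "PATCHED"
        results.append((row["host"], row["version"], status))
    return results

if __name__ == "__main__":
    for host, version, status in triage(SAMPLE_INVENTORY):
        print(f"{host:8} {version:14} {status}")
```

Rows reported as `UNKNOWN_TRACK` or `UNPARSEABLE` are surfaced rather than silently passed, since the advisory lists the two builds as examples of patched releases, not as the complete set.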

Timeline

  1. Apr 15, 2026

    JPCERT/CC publishes advisory for APSB26-44 vulnerabilities

    On 2026-04-15, JPCERT/CC published advisory JPCERT-AT-2026-0011 about the APSB26-44 vulnerabilities affecting Acrobat and Reader on Windows and macOS. The advisory recommended updating via Adobe's latest releases or manual installer downloads.

  2. Apr 15, 2026

    Adobe releases APSB26-44 patches for additional Acrobat and Reader flaws

    Adobe issued bulletin APSB26-44 for additional Adobe Acrobat and Adobe Acrobat Reader vulnerabilities that could allow arbitrary code execution when users open maliciously crafted content. Patched versions included 26.001.21431 for the DC Continuous branch and 24.001.30365 for Acrobat 2024 Classic.

  3. Apr 13, 2026

    JPCERT/CC warns Japan users about APSB26-43 vulnerabilities

    On 2026-04-13, JPCERT/CC published advisory JPCERT-AT-2026-0009 warning about the APSB26-43 Acrobat and Reader flaws. It said it had not confirmed domestic exploitation in Japan at publication time and urged immediate updating because the products are widely used.

  4. Apr 13, 2026

    Adobe confirms exploited Acrobat and Reader flaws in APSB26-43

    Adobe disclosed security bulletin APSB26-43 covering vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader that could allow arbitrary code execution. Adobe stated that exploitation of these vulnerabilities had been confirmed in the wild.


Related Stories

Multiple Adobe Acrobat and Reader Flaws Enable Code Execution and Information Disclosure


German authorities issued security advisories for **Adobe Acrobat DC**, **Acrobat Reader DC**, and **Adobe Acrobat Reader** covering multiple vulnerabilities that could allow **information disclosure** and **arbitrary code execution**. One advisory specifically warned that a flaw in Adobe Acrobat Reader could expose sensitive information and be leveraged for code execution, raising the risk of compromise when users open maliciously crafted PDF files. A follow-up advisory expanded the scope to **multiple vulnerabilities** across Adobe’s Acrobat product line, indicating broader exposure for enterprise and end-user systems that rely on Adobe PDF software. Organizations using affected Adobe applications should prioritize vendor patches and review endpoint protections, as successful exploitation could give attackers access to data or the ability to run code on targeted systems.

2 weeks ago

Adobe Acrobat Reader Prototype Pollution Flaws Enable Code Execution

Adobe disclosed two high-severity prototype pollution vulnerabilities in **Acrobat Reader** tracked as `CVE-2026-34621` and `CVE-2026-34622`. Both flaws can lead to arbitrary code execution in the context of the current user if a victim opens a malicious file, making user interaction a required condition for exploitation. Adobe classified both issues under `CWE-1321` and assigned CVSS v3.1 vectors indicating high impact to confidentiality, integrity, and availability. `CVE-2026-34621` affects Acrobat Reader versions `24.001.30356`, `26.001.21367`, and earlier, while `CVE-2026-34622` affects versions `26.001.21411`, `24.001.30360`, `24.001.30362`, and earlier. The disclosures indicate the vulnerabilities were reported to Adobe's PSIRT and published with advisory references, signaling that organizations using Acrobat Reader should identify exposed versions and prioritize updates to reduce the risk of malicious document-based compromise.

1 week ago

Multiple Critical Vulnerabilities in Adobe Products Allowing Arbitrary Code Execution

Adobe released security advisories addressing multiple vulnerabilities across a range of its products, including ColdFusion, Adobe Experience Manager (AEM), DNG Software Development Kit (SDK), Acrobat, Acrobat Reader, and the Creative Cloud Desktop Application. The most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user, potentially enabling attackers to install programs, modify or delete data, or create new accounts with full user rights. Affected versions span ColdFusion 2025, 2023, and 2021, AEM Cloud Service and 6.5 LTS, DNG SDK 1.7.0 and prior, Acrobat and Acrobat Reader 2020 and 2024 for both Windows and Mac, and Creative Cloud Desktop Application 6.4.0.361 and earlier. Users and administrators are strongly encouraged to review the official advisories and apply the necessary updates to mitigate risk. Threat intelligence at the time of disclosure indicated no reports of these vulnerabilities being exploited in the wild. The advisories emphasize that users with administrative privileges are at greater risk if exploited, and recommend prompt patching to reduce exposure. Organizations relying on Adobe products for document management, web application development, or digital asset workflows should prioritize these updates to prevent potential compromise through remote code execution vulnerabilities.

1 month ago
