Threat Advisory

Adobe Acrobat Vulnerability Allows Arbitrary Code Execution

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT, Healthcare
Criticality: Critical

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in Adobe Acrobat and Reader for Windows and macOS. The affected products are Acrobat DC and Acrobat Reader DC (Continuous Track) versions 26.001.21411 and earlier for both Windows and macOS, as well as Acrobat 2024 (Classic Track) version 24.001.30362 and earlier for Windows, and Acrobat 2024 (Classic Track) version 24.001.30360 and earlier for macOS. These vulnerabilities allow for arbitrary code execution and arbitrary file system reads, posing a significant threat to business operations. If exploited, attackers could silently install malware, steal sensitive data, or establish a foothold within a corporate network, resulting in severe business disruption and potential financial losses.


  • CVE-2026-34622 with a CVSS score of 8.6 – A critical vulnerability allowing arbitrary code execution in the context of the current user, reported by a security researcher known as YH from Zscaler. This flaw occurs when a malicious PDF is opened, allowing attackers to execute arbitrary code.
  • CVE-2026-34626 with a CVSS score of 6.3 – An important flaw resulting in arbitrary file system reads and exposing sensitive local data, discovered by researcher greenapple. This vulnerability could be exploited by attackers to read sensitive local data.

The exploitation of these vulnerabilities poses a significant risk to business operations, as attackers could gain unauthorized access to sensitive data and disrupt critical systems. If left unpatched, these vulnerabilities could lead to severe business consequences, including financial losses, reputational damage, and compromised intellectual property.

RECOMMENDATION:

We recommend updating Adobe Acrobat Reader to version 26.001.21431 for the Continuous Track and 24.001.30365 for the Classic 2024 Track.
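To find hosts that still need this update, the following added example (not code from this advisory or from Adobe) triages a software inventory against the affected and fixed versions listed above. The CSV columns, host names and status labels are assumptions, as is the premise that the inventory records each install's track and platform.

```python
import csv
import io
import re

# Thresholds copied from the advisory text; status names are this example's own.
LAST_AFFECTED = {
    ("continuous", "windows"): (26, 1, 21411),
    ("continuous", "macos"): (26, 1, 21411),
    ("classic2024", "windows"): (24, 1, 30362),
    ("classic2024", "macos"): (24, 1, 30360),
}
FIXED = {"continuous": (26, 1, 21431), "classic2024": (24, 1, 30365)}

def parse_version(text):
    """Turn '26.001.21411' into (26, 1, 21411) so builds compare numerically."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip(), re.ASCII)
    if m is None:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(int(part) for part in m.groups())

def triage(track, platform, version):
    """Classify one install as vulnerable, patched, verify, or unusable input."""
    key = (track.strip().lower(), platform.strip().lower())
    if key not in LAST_AFFECTED:
        return "unknown-track"
    try:
        build = parse_version(version)
    except ValueError:
        return "unparseable"
    if build <= LAST_AFFECTED[key]:
        return "vulnerable"
    if build >= FIXED[key[0]]:
        return "patched"
    # Between the last build listed as affected and the fixed build:
    # the advisory does not classify these, so flag them for manual review.
    return "verify"

def triage_inventory(csv_text):
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["host"], triage(r["track"], r["platform"], r["version"])) for r in rows]

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE = """host,platform,track,version
ws-014,windows,continuous,26.001.21411
ws-027,windows,continuous,26.001.21431
mac-03,macos,classic2024,24.001.30361
ws-102,windows,classic2024,24.001.30361
ws-200,windows,continuous,26.1
"""
```

The same Classic 2024 build, 24.001.30361, is reported as vulnerable on Windows but only as "verify" on macOS, because the advisory lists different last-affected builds for the two platforms.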

REFERENCES:

The following reports contain further technical details:
https://cybersecuritynews.com/adobe-acrobat-reader-vulnerabilities-patch/
