Adobe has released a patch for a critical security vulnerability in its PDF software after hackers spent at least four months exploiting it without detection. The flaw, tracked as CVE-2026-34621, affects Acrobat DC, Reader DC, and Acrobat 2024 on both Windows and macOS. Adobe confirmed in a note on its website that the bug was being actively exploited in the wild before the fix was issued, making it a zero-day vulnerability.
The attack method requires no sophisticated setup from the hacker’s side. A target simply needs to open a maliciously crafted PDF file. Once opened, the exploit triggers automatically, giving the attacker the ability to remotely plant malware on the victim’s device. According to the security researcher who discovered the flaw, a successful exploit “could lead to full control of the victim’s system,” allowing the hacker to steal a broad range of data.
The vulnerability came to light after a malicious PDF containing the exploit was uploaded to an online malware-scanning platform. Security researcher Haifei Li, who operates the exploit-detection system EXPMON, stumbled upon a vulnerability when someone uploaded a malicious PDF containing the exploit to his malware scanner. In a blog post, Li mentioned that this malware-infested PDF had first shown up on VirusTotal, another online malware scanner, back in late November 2025. Analysis showed that another copy of the same file had appeared on a separate malware scanner, VirusTotal, as far back as late November 2025. That timeline puts the window of active exploitation at roughly four months before Adobe issued a fix.
It is not yet known who is behind the hacking campaign, who the targets were, or how many people were affected. The researcher said it was not possible to retrieve additional exploit samples from the attacker’s infrastructure, leaving the full scope of the campaign unclear.
Adobe’s PDF software is among the most widely used applications in the world, which makes it a consistent and attractive target for both financially motivated cybercriminals and state-backed hacking groups. Attackers have abused weaknesses in Adobe Reader for more than a decade. Because users routinely receive and open PDF files from unknown sources in both personal and professional contexts, PDF-based exploits carry a particularly high success rate compared to attacks that require more user interaction.
Adobe has urged all users of Acrobat DC, Reader DC, and Acrobat 2024 to update their software to the latest versions immediately.
