Adobe Patches Actively Exploited Acrobat Reader RCE — CVE-2026-34621

Adobe has released emergency patches for CVE-2026-34621, a critical remote code execution vulnerability in Acrobat Reader carrying a CVSS score of 8.6. Adobe confirmed the flaw is actively exploited in the wild at time of release. Successful exploitation allows an attacker to execute arbitrary code on the affected system.

This is the patch-availability follow-up to initial reporting from April 9, when the vulnerability had no CVE and no fix. The CVE is now formally assigned and updates are available. All Acrobat and Acrobat Reader users should apply the emergency update immediately.

Organizations running PDF-heavy workflows should treat any system that processed unsolicited PDFs during the extended exposure window (dating back to at least December 2025) as potentially compromised and investigate accordingly.