[German]A few hours ago, I reported on a zero-day vulnerability in Adobe Reader. Simply opening a PDF file can be enough to take control of the system. Adobe has now confirmed the vulnerability (CVE-2026-34621) and released a security update to patch it. This should be installed within 72 hours.
Adobe Reader 0-day is exploited in the wild
There is a 0-day vulnerability in Adobe Reader that has been exploited since December 2025. Security researcher Haifei Li discovered an exploit in his sandbox-based exploit detection platform EXPMON that takes advantage of a previously unknown vulnerability. Haifei Li wrote that he had discovered a sophisticated zero-day fingerprinting attack targeting Adobe Reader users.
The exploit takes advantage of a zero-day vulnerability in Adobe Reader that allows privileged Acrobat APIs to be executed. The exploit calls util.readFileIntoStream() via the API, enabling it to read arbitrary files (to which the Reader process running in a sandbox has access) on the local system.
In this way, malware can collect a wide range of information from the local system and steal local file data. I reported on the issue in the German blog post 0-day-Schwachstelle in Adobe Reader seit Dez. 2025 ausgenutzt. Haifei Li published details in a blog post on April 7, 2026.
Adobe confirms vulnerability CVE-2026-34621
I just came across the information, that Adobe has confirmed the discovery of the zero-day vulnerability. And Adobe has released emergency patches to fix vulnerability CVE-2026-34621. I've compiled the details within my German blog post Adobe Reader Notfallpatch für 0-Day-Schwachstelle CVE-2026-34621 [use the build-in translator of my blog to read the article in your language].
