The Dutch National Cyber Security Center (NCSC-NL) warns[1] that a critical vulnerability in Adobe Acrobat and Adobe Reader is being actively exploited and public exploit code is now available, making large-scale attacks very likely in the short term. Immediate action is required to protect your organization.
Description
Adobe Acrobat and Adobe Reader contain a critical security vulnerability (CVE-2026-34621) that allows attackers to execute malicious code on your computer. Attackers exploit this by tricking users into opening a specially crafted PDF file. Evidence shows this vulnerability has been actively exploited since at least November 2025, and public exploit code has been reported to be available[1], significantly increasing the risk of widespread attacks.The following application versions are known to be vulnerable:
We estimate the impact of this vulnerability as high.
If successfully exploited, attackers gain the ability to run malicious software on affected computers with the same privileges as the user who opened the PDF. This could allow attackers to steal sensitive data, install ransomware, access company systems, or use the compromised computer as a stepping stone for further attacks within your network.
Adobe Acrobat and Adobe Reader contain a critical security vulnerability (CVE-2026-34621) that allows attackers to execute malicious code on your computer. Attackers exploit this by tricking users into opening a specially crafted PDF file. Evidence shows this vulnerability has been actively exploited since at least November 2025, and public exploit code has been reported to be available[1], significantly increasing the risk of widespread attacks.The following application versions are known to be vulnerable:
- Adobe Acrobat DC: 26.001.21367 and earlier
- Adobe Acrobat Reader DC: 26.001.21367 and earlier
- Adobe Acrobat 2024: 24.001.30356 and earlier
We estimate the impact of this vulnerability as high.
If successfully exploited, attackers gain the ability to run malicious software on affected computers with the same privileges as the user who opened the PDF. This could allow attackers to steal sensitive data, install ransomware, access company systems, or use the compromised computer as a stepping stone for further attacks within your network.
Risk
We estimate the risk of this vulnerability as high.
The NCSC-NL has classified this vulnerability as high priority and explicitly warns that large-scale exploitation is expected in the short term. Three factors make this particularly dangerous: the vulnerability has already been exploited in real-world attacks for several months, public exploit code is now freely available making attacks easier to execute, and the attack method (malicious PDF files) is a common and effective social engineering technique. Adobe Acrobat and Reader are trusted applications used throughout organizations, making employees more likely to open PDF files without suspicion.
We estimate the risk of this vulnerability as high.
The NCSC-NL has classified this vulnerability as high priority and explicitly warns that large-scale exploitation is expected in the short term. Three factors make this particularly dangerous: the vulnerability has already been exploited in real-world attacks for several months, public exploit code is now freely available making attacks easier to execute, and the attack method (malicious PDF files) is a common and effective social engineering technique. Adobe Acrobat and Reader are trusted applications used throughout organizations, making employees more likely to open PDF files without suspicion.
Mitigation
Adobe has released security updates that fix this vulnerability[2]. Install these updates immediately on all computers running Adobe Acrobat DC, Adobe Reader DC, or Acrobat 2024.The updates are available through Adobe's automatic update mechanism (Help > Check for Updates in the application) or can be downloaded directly from Adobe's website. IT administrators should prioritize deployment of these patches across the organization using standard software deployment tools.
Adobe has released security updates that fix this vulnerability[2]. Install these updates immediately on all computers running Adobe Acrobat DC, Adobe Reader DC, or Acrobat 2024.The updates are available through Adobe's automatic update mechanism (Help > Check for Updates in the application) or can be downloaded directly from Adobe's website. IT administrators should prioritize deployment of these patches across the organization using standard software deployment tools.
What should you do?
Update all Adobe Acrobat and Adobe Reader installations to the latest version immediately. If you cannot update immediately, exercise extreme caution when opening PDF files, especially from unknown senders or unexpected sources.Verify that the Adobe applications were updated to at least the following versions:
Vulnerability Management customers will be informed in case vulnerable systems are detected in their infrastructure. We will monitor any developments regarding this vulnerability. If new critical information about this threat arises we will reach out to you. You can call us by phone or send us an email if you would like additional information.
E-mail: soc@northwave-cybersecurity.com
Do you have an incident right now? Call our Incident Response Team: 00800 1744 0000
Disclaimer applies, see below.
Sources
[1]: https://advisories.ncsc.nl/2026/ncsc-2026-0111.html
[2]: https://helpx.adobe.com/security/products/acrobat/apsb26-43.html
Update all Adobe Acrobat and Adobe Reader installations to the latest version immediately. If you cannot update immediately, exercise extreme caution when opening PDF files, especially from unknown senders or unexpected sources.Verify that the Adobe applications were updated to at least the following versions:
- Adobe Acrobat DC: 26.001.21411
- Adobe Acrobat Reader DC: 26.001.21411
- Adobe Acrobat 2024: 24.001.30362 (Windows), 24.001.30360 (macOS)
Vulnerability Management customers will be informed in case vulnerable systems are detected in their infrastructure. We will monitor any developments regarding this vulnerability. If new critical information about this threat arises we will reach out to you. You can call us by phone or send us an email if you would like additional information.
E-mail: soc@northwave-cybersecurity.com
Do you have an incident right now? Call our Incident Response Team: 00800 1744 0000
Disclaimer applies, see below.
Sources
[1]: https://advisories.ncsc.nl/2026/ncsc-2026-0111.html
[2]: https://helpx.adobe.com/security/products/acrobat/apsb26-43.html