Adobe is patching a vulnerability in its flagship document readers, Acrobat DC, Reader DC and Acrobat 2024, that hackers have been actively exploiting for at least four months.
The vulnerability, officially tracked as CVE-2026-34621, allows hackers to remotely install malware on a person’s device by tricking them into opening a maliciously crafted PDF file on their Windows or macOS computer. The exploit targets a vulnerability in some versions of the Adobe Reader software.
It is not yet known how many people have been affected by this hacking campaign. In a note on its website, Adobe said it was aware of the bug being exploited in the wild. That makes it a zero-day, meaning hackers were using it to break into people’s computers before Adobe could fix it.
While it’s unclear who is behind the hacking campaign, the ubiquity of Adobe’s PDF reader software makes it a constant target for cybercriminals and government-sponsored hackers, who have long exploited the software’s weaknesses to steal data from people’s computers.
Security researcher Haifei Li, who runs the EXPMON exploit detection system, discovered the vulnerability after someone uploaded a copy of a malicious PDF containing the exploit to its malware scanner. In a blog post, Li wrote that another copy of the PDF with malware first appeared on VirusTotal, another online malware scanner, in late November 2025.
It’s unclear who the hacking campaign was targeting or why, and Li said it was not possible to obtain additional exploits from the hacker’s servers. But according to Li’s analysis, opening a malicious PDF and activating the exploit “could lead to full control of the victim’s system” and give the hacker the ability to steal a wide range of data.
Adobe said Acrobat DC, Reader DC and Acrobat 2024 are affected and urged users to update their software to the latest versions.
