A critical vulnerability affecting millions of users has spawned coordinated advisories from Singapore, France, and CISA.
The Cyber Security Agency of Singapore issued an advisory on April 13 warning of active exploitation of CVE-2026-34621, a critical prototype pollution vulnerability in Adobe Acrobat and Reader for Windows and macOS. The flaw allows unauthenticated attackers to execute arbitrary code on vulnerable systems.
CERT-FR released a parallel advisory detailing the vulnerability affecting Acrobat 2024 and Acrobat Classic 2020 versions. CISA subsequently added CVE-2026-34621 to its Known Exploited Vulnerabilities catalog, requiring federal agencies to remediate the flaw by May 4, 2026.
CISA also added CVE-2020-9715, a historical Adobe vulnerability, to the KEV catalog, suggesting ongoing attack campaigns leveraging multiple Adobe flaws. Organizations should immediately update Adobe Acrobat and Reader to patched versions to prevent compromise.
Sources
CVE-2026-34621: Adobe Acrobat Zero-Day Alert
Critical Adobe Acrobat Zero-Day CVE-2026-34621 Actively Exploited
CISA Adds Adobe Acrobat Zero-Day to KEV Catalog
CISA Adds Adobe Acrobat CVE-2020-9715 to Exploited Vulnerabilities Catalog
More from Data Privacy & Cybersecurity Browse all →
CISA Warns Critical ICS Flaws Expose SQL Credentials in Mitsubishi, ICONICS Products
April 13, 2026
Russian APT28 Hijacks Routers to Steal Government Passwords
April 12, 2026
Six Agencies Warn of Iranian Hackers Targeting US Industrial Controls
April 11, 2026
CISA Warns of Actively Exploited Fortinet Vulnerability Affecting Enterprises
April 10, 2026
Get the briefing in your inbox
The top regulatory stories, delivered daily. No noise.
Free. Unsubscribe anytime.