Adobe has patched a vulnerability in its flagship document-reading apps, Acrobat DC, Reader DC and Acrobat 2024, that hackers have been actively exploiting for at least four months.

The vulnerability, officially tracked as CVE-2026-34621, allows hackers to remotely plant malware on a person’s device by tricking them into opening a maliciously crafted PDF file on their Windows device or macOS computer. The exploit targets a vulnerability in some versions of the Adobe Reader software.

It is not yet known how many people have been affected by this hacking campaign. In a note on its website, Adobe said it was aware that the bug is being exploited in the wild, known as a zero-day, indicating that hackers have been using it to break into people’s computers before Adobe could fix it.

While it’s not clear who is behind the hacking campaign, the ubiquity of Adobe’s PDF-reading software makes it a consistent target for cyber criminals and government-backed hackers, who have long abused weaknesses in the software to steal data from people’s computers.

Security researcher Haifei Li, who runs the exploit-detection system EXPMON, discovered the vulnerability after someone uploaded a copy of a malicious PDF containing the exploit to his malware scanner. In a blog post, Li wrote that another copy of the malware-ridden PDF first appeared on VirusTotal, another online malware scanner, in late November 2025.

It’s not clear who the hacking campaign was targeting or for what reason, and Li said it was not possible to obtain any additional exploits from the hacker’s servers. But according to Li’s analysis, opening a malicious PDF and triggering the exploit “could lead to full control of the victim’s system” and give the hacker the ability to steal a wide range of data.

Adobe said Acrobat DC, Reader DC, and Acrobat 2024 are affected, and urged users to update their software to the latest versions.

Topics

Adobe, cyberattack, cybersecurity, exploit, PDF, Security

Zack Whittaker

Security Editor

Zack Whittaker is the security editor at TechCrunch. He also authors the weekly cybersecurity newsletter, this week in security.

He can be reached via encrypted message at zackwhittaker.1337 on Signal. You can also contact him by email, or to verify outreach, at zack.whittaker@techcrunch.com.

View Bio

April 30

San Francisco, CA

StrictlyVC kicks off the year in SF. Get in the room for unfiltered fireside chats with industry leaders, insider VC insights, and high-value connections that actually move the needle. Tickets are limited.

Adobe fixes PDF zero-day security bug that hackers have exploited for months