critical Code Vulnerability zero-day
Adobe Reader Zero-Day — Active Exploitation, No Patch
| Severity | critical |
| Status | open |
| Date | March 26, 2026 |
| Affects | Adobe Reader (all current versions) |
| Source | cyberpress.org |
Details
Unpatched zero-day actively exploited in the wild. Crafted PDF abuses unpatched logic flaw in Adobe Reader’s JavaScript engine to invoke privileged Acrobat APIs. Opening the PDF triggers RCE with no further interaction. Very low VirusTotal detection. Multiple obfuscation layers defeat static and behavioral detection. No CVE assigned yet. No patch available.