Adobe has released security updates to address a critical vulnerability in Acrobat Reader that is already being actively exploited in the wild. The flaw, tracked as CVE-2026-34621, could allow attackers to execute malicious code on affected systems.
The issue stems from improper input validation when processing PDF files, enabling remote attackers to trick users into opening specially crafted documents that trigger arbitrary JavaScript execution.
The vulnerability affects multiple versions of Acrobat DC, Acrobat Reader DC, and Acrobat 2024 across both Windows and macOS platforms. Users are strongly recommended to apply patches as soon as possible.
In a separate disclosure, a vulnerability has been found in marimo, an open-source reactive Python notebook platform. The flaw, tracked as CVE-2026-39987, allows unauthenticated remote code execution via a terminal WebSocket endpoint, granting attackers full interactive shell access without needing credentials.
Security researchers from the Sysdig threat research team reported that exploitation began within hours of public disclosure. In one observed incident, attackers developed a working exploit directly from the advisory and carried out a full credential theft operation in under three minutes.