Skip to main content
A Singapore Government Agency Website How to identify
Official website links end with .gov.sg
Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites
Secure websites use HTTPS
Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites.

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Active Exploitation of Critical Vulnerability in Adobe Acrobat and Reader

13 April 2026

Adobe has released a security update to address a critical vulnerability in Adobe Acrobat and Reader. Users and administrators of affected products are advised to update to the latest versions immediately.

Background

Adobe has released a security update to address a critical prototype pollution vulnerability (CVE-2026-34621) affecting Adobe Acrobat and Reader for Windows and macOS.

Impact

Successful exploitation of this vulnerability could allow an unauthenticated attacker to perform arbitrary code execution.

Known Exploitation

This vulnerability is reportedly being exploited in the wild.

Affected Products

This vulnerability affects the following Adobe products on Windows and macOS:

- Acrobat DC (Continuous Track): versions 26.001.21367 and earlier

- Acrobat Reader DC (Continuous Track): versions 26.001.21367 and earlier

- Acrobat 2024 (Classic 2024 Track): versions 24.001.30356 and earlier

Mitigation

Users and administrators of affected products are advised to update to the latest versions immediately.

References

https://helpx.adobe.com/security/products/acrobat/apsb26-43.html

https://nvd.nist.gov/vuln/detail/CVE-2026-34621

https://thehackernews.com/2026/04/adobe-patches-actively-exploited.html

Back to top