Adobe released a patch on April 11, 2026 for a Prototype Pollution RCE in Acrobat Reader that had been exploited since December 2025. CVSS 8.6, Priority 1. Apply within 72 hours.
An Adobe Reader/Acrobat zero-day actively exploited since November 2025. A two-bug chain achieves sandbox bypass and RCE, affecting all versions including the latest. No patch available.
