# CVE-2026-34621

> Critical client-side remote code execution vulnerability in Adobe Acrobat and Acrobat Reader caused by a use-after-free condition in the JavaScript-to-AcroForm bridge of the PDF rendering engine. When an attacker-supplied PDF triggers a crafted sequence of form field mutations while a referenced object is being garbage collected, the engine dereferences a stale pointer controlled via heap grooming, yielding arbitrary code execution in the context of the process. Exploitation requires only that the victim open the malicious PDF with no further user interaction. Observed in-the-wild exploitation

- **CVSS:** 9.8 (CRITICAL)
- **EPSS:** 9.8%
- **CISA KEV:** yes
- **CWE:** CWE-416, CWE-787, CWE-1321

Canonical: https://intel.threadlinqs.com/cve/CVE-2026-34621
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp