INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).
Adobe, Fortinet, Microsoft Exchange Server Exploit Vulnerabilities Catalog
2026-04-14 07:38 | CRITICAL HIGH
Executive Summary AI-generated
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a slew of critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, with the most recent additions including CVE-2026-21643 and CVE-2012-1854. The flaws include an Adobe Acrobat Reader vulnerability, a Microsoft Visual Basic for Applications insecure library loading vulnerability, a Fortinet SQL injection vulnerability, and a Microsoft Exchange Server deserialization of untrusted data vulnerability, among others, and pose a significant threat to the security of federal agencies' networks. The agency has ordered affected systems to be patched by April 27, 2026, except for CVE-2026-21643, which must be addressed by April 16, 2026. This highlights the urgent need for timely and effective remediation efforts to prevent potential exploitation and minimize the risk of catastrophic consequences.
Technical Mitigations AI-generated
* Implement secure coding practices, such as input validation and sanitization, to prevent Prototype Pollution Vulnerability (CVE-2026-34621) attacks.
* Regularly update and patch Microsoft Exchange Server and Windows systems to address Out-of-Bounds Read Vulnerabilities (CVE-2023-36424) and privilege escalation risks (CVE-2023-21529).
* Use secure protocols, such as HTTPS, when transmitting sensitive data over the internet to prevent SQL Injection vulnerabilities in Fortinet FortiClient EMS (CVE-2026-21643).
* Implement proper error handling and logging mechanisms to detect and respond to use-after-free vulnerabilities in Adobe Acrobat Reader (CVE-2020-9715) and Microsoft Exchange Server.
Technical Observables
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
CVE-2020-9715
CVE-2023-36424
CVE-2023-21529
CVE-2026-34621
CVE-2025-60710
CVE-2026-21643
CVE-2012-1854
Target & Sectors
NORTH_AMERICA
Incident Timeline
July 2012
Threat actors used a known exploit of CVE-2012-1854 in Windows to target the vulnerability.
As for CVE-2012-1854, the Windows maker acknowledged in an advisory released in July 2012 that it's aware of "limited, targeted attacks" attempting to abuse the vulnerability.
March 24, 2026
Threat actors used a known exploit of CVE-2026-21643 to target Microsoft Exchange Server.
The addition of CVE-2026-21643 to the KEV catalog comes after Defused Cyber said it detected exploitation attempts targeting the flaw since March 24, 2026.
2026/04/07
Threat actors used a vulnerability in Adobe Acrobat Reader to target Microsoft Exchange Server and exploit Medusa ransomware.
Below are the flaws added to the catalog:
* CVE-2026-34621 - Adobe Acrobat and Reader Prototype Pollution Vulnerability
* CVE-2012-1854 - Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability
* CVE-2020-9715 - Adobe Acrobat Use-After-Free Vulnerability
* CVE-2023-21529 - Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
* CVE-2023-36424 - Microsoft Windows Out-of-Bounds Read Vulnerability
* CVE-2025-60710 - Microsoft Windows Link Following Vulnerability
* CVE-2026-21643 - Fortinet SQL Injection Vulnerability
Last week, Adobe released emergency updates to address a critical vulnerability, tracked as CVE-2026-34621 (CVSS score of 8.6), in Adobe Acrobat Reader, which is being actively exploited.
Last week, Microsoft revealed that a threat actor it tracks as Storm-1175 has been weaponizing CVE-2023-21529 in attacks to deliver Medusa ransomware.
Apr 14, 2026
Threat actors exploited known vulnerabilities in Adobe, Fortinet, Microsoft Exchange Server and Windows to gain unauthorized access.
2026/04/14
The US Cybersecurity and Infrastructure Security Agency (CISA) added vulnerabilities to the Known Exploited Vulnerabilities catalog.
U.S. CISA adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog.
The list of vulnerabilities is as follows -
* CVE-2026-21643 (CVSS score: 9.1) - An SQL injection vulnerability in Fortinet FortiClient EMS that could allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
* CVE-2020-9715 (CVSS score: 7.8) -
* CVE-2023-21529 (CVSS score: 8.8) - A deserialization of untrusted data in Microsoft Exchange Server that could allow an authenticated attacker to achieve remote code execution.
* CVE-2023-36424 (CVSS score: 7.8) - An out-of-bounds read vulnerability in Microsoft Windows Common Log File System Driver that could result in privilege escalation.
* CVE-2025-60710 (CVSS score: 7.8) - An improper link resolution before file access vulnerability in Host Process for Windows Tasks that could allow an authorized attacker to elevate privileges locally.
An insecure library loading vulnerability in Microsoft Visual Basic for Applications (VBA) that could result in remote code execution.
The vulnerability is an improper neutralization of special elements used in an SQL Command (‘SQL Injection’) issue in FortiClientEMS.
April 16, 2026
Threat actors used a known exploit of CVE-2026-21643 in Adobe products to target Microsoft Exchange Server and Microsoft Windows systems.
CISA orders federal agencies to fix the vulnerabilities by April 27, 2026, except CVE-2026-21643, which must be addressed by April 16, 2026.
April 27, 2026
The U.S. CISA directive orders federal agencies to fix vulnerabilities in Adobe, Fortinet, Microsoft Exchange Server and Windows by April 27, 2026, except for CVE-2026-21643 which must be addressed by April 16, 2026.
April 27, 2026
Threat actors exploited known vulnerabilities in Adobe, Fortinet, Microsoft Exchange Server and Windows to gain unauthorized access.
April 27
Threat actors used a known exploit to target Adobe, Fortinet and Microsoft Exchange Server vulnerabilities.
In light of active attacks, Federal Civilian Executive Branch (FCEB) agencies are required to apply the fixes by April 27, 2026.
Tactical Metrics
Metrics
Affected Product: Windows (infrastructure)
Software Version: 8.6 (infrastructure)
Server Deserialization: 21,529 (infrastructure)
Affected Product: Microsoft Office (infrastructure)
CISA also added to the KEV catalog the vulnerability CVE-2012-1854, which is an untrusted search path / DLL hijacking flaw affecting components of Microsoft Office VBA, specifically VBE6.dll used in Office and Visual Basic for Applications.
Intelligence Sources
Security Affairs
2026-04-14
The Hacker News
2026-04-14
Incident Version History
CURRENT VERSION
Last Updated: 2026-04-27T06:27
Comprehensive Tactical Telemetry
Highly Correlated Entities
18x | attribution | Attributing Entity | Fortinet | authority
16x | organisation | Identified Entity | Reader Prototype Pollution Vulnerability | entity
10x | timeline | Temporal Reference | April 27, 2026 | date
7x | vulnerability | Exploited CVE | CVE-2026-21643 | cve
4x | tactic | Cyber Operation Type | Lateral Movement | tactic
4x | tactic | MITRE ATT&CK Technique | T1584.004 - Server | technique
2x | infrastructure | Affected Product | Windows | software
2x | vulnerability | CVSS Score | 9 | score
Contextual Telemetry
Context Block
8 METRICS
target region | Target Country | United States | country
infrastructure | Software Version | 8.6 | version
infrastructure | Server Deserialization | 21,529 | server deserialization
general metric | Score | 9 | score
general metric | Cve-2020 9715 | 8 | cve-2020 9715
general metric | Cvss Score | 9 | cvss score
general metric | Known Exploited Flaws | 6 | known exploited flaws
general metric | Apr | 14 | apr