All Notes - Youssef.sec

Research

CVE-2026-34621/34622/34626 — Adobe Acrobat RCE Chain

Three-primitive exploit chain in Adobe Acrobat: prototype pollution via swConn, unsafe eval() injection via ANFancyAlertImpl, and trusted object confusion via doc.path. Includes full malware analysis and patch diffing.

Youssef

Read