Login
You're viewing the mstdn.social public feed.
  • Apr 11, 2026, 1:48 PM

    This is now fixed as CVE-2026-34621.

    Interestingly, it's a single CVE that is described as RCE. So presumably the same vulnerability that allowed for the reading of arbitrary files also is what enabled RCE.

    Which suggests that somebody at Adobe did see what the second stage looked like. Or was able logically draw the conclusion that the same vulnerability (used in a different way) could be leveraged for RCE. 🤔

    💬 2🔄 2⭐ 0

Replies