New Critical Flaw Discovered in Atril Document Viewer

Security researchers disclosed CVE-2026-46529, a single-click remote code execution in the Atril document viewer that uses a polyglot PDF/ELF to execute arbitrary commands via unsafe argument handling in shell/ev-application.c:ev_spawn; the flaw affects many Linux distributions and desktop environments, proof-of-concept code is public, and users are advised to avoid untrusted document links and apply vendor patches promptly.