CVE-2026-34621

HIGH

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS v3.1 Score

8.6
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
LOCAL
Complexity
LOW
Privileges
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Published: 4/11/2026Modified: 4/13/2026

Related Intelligence (7)

CRITICALZero Day

Patch Tuesday, April 2026 Edition

Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed "BlueHammer." Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe Reader nixes an actively exploited flaw that ca

CVE-2026-32201CVE-2026-33120
Krebs on Security
CRITICALZero Day

Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw

Adobe has released an emergency security update for Acrobat Reader to fix a vulnerability, tracked as CVE-2026-34621, that has been exploited in zero-day attacks since at least December. [...]

CVE-2026-34621
BleepingComputer
LOWVulnerability

CISA Adds Seven Known Exploited Vulnerabilities to Catalog

<p>CISA has added seven new vulnerabilities to its <a href="/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p> <ul> <li><a href="https://www.cve.or

CVE-2012-1854CVE-2020-9715
CISA Advisories
HIGHVulnerability

CISA KEV: Adobe Acrobat and Reader — Adobe Acrobat and Reader Prototype Pollution Vulnerability

Adobe Acrobat and Reader contain a prototype pollution vulnerability that allows for arbitrary code execution.

CVE-2026-34621Adobe Acrobat and Reader
CISA KEV
CRITICALZero Day

Adobe Patches Reader Zero-Day Exploited for Months

The vulnerability is tracked as CVE-2026-34621 and Adobe has confirmed that it can be exploited for arbitrary code execution. The post Adobe Patches Reader Zero-Day Exploited for Months appeared first on SecurityWeek .

CVE-2026-34621
SecurityWeek
CRITICALVulnerability

Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621

Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-34621, carries a CVSS score of 8.6 out of 10.0. Successful exploitation of the flaw could allow an attacker to run malicious code on affected installations. It has been described as

CVE-2026-34621
The Hacker News
CRITICALVulnerability

Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses a critical vulnerability. Successful exploitation could lead to arbitrary code execution. Adobe is aware of CVE-2026-34621 being exploited in the wild.

[object Object]

CVE-2026-34621
r/blueteamsec

References (2)

https://helpx.adobe.com/security/products/acrobat/apsb26-43.htmlVendor Advisoryhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34621US Government Resource