CVE-2026-34621
Received Received - Intake
Prototype Pollution in Adobe Acrobat Reader Enables Code Execution

Publication date: 2026-04-11

Last updated on: 2026-04-13

Assigner: Adobe Systems Incorporated

Description
Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-11
Last Modified
2026-04-13
Generated
2026-06-16
AI Q&A
2026-04-11
EPSS Evaluated
2026-06-15
NVD
CVE-2026-34621
EUVD
EUVD-2026-21675
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
adobe acrobat_dc to 26.001.21411 (exc)
adobe acrobat_reader_dc to 26.001.21411 (exc)
adobe acrobat From 24.0.0 (inc) to 24.001.30362 (exc)
adobe acrobat From 24.0.0 (inc) to 24.001.30360 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1321 The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier. It is an Improperly Controlled Modification of Object Prototype Attributes, also known as 'Prototype Pollution'. This flaw could allow an attacker to execute arbitrary code within the context of the current user.

To exploit this vulnerability, an attacker must trick a victim into opening a malicious file.

Impact Analysis

If exploited, this vulnerability can lead to arbitrary code execution with the privileges of the current user. This means an attacker could potentially run malicious code, steal data, or perform unauthorized actions on the affected system.

Mitigation Strategies

To mitigate this vulnerability, ensure that Acrobat Reader is updated to a version later than 24.001.30356 or 26.001.21367, as these versions are affected.

Additionally, since exploitation requires user interaction by opening a malicious file, educate users to avoid opening suspicious or untrusted files.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34621. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart