CVE-2026-34622
Received Received - Intake
Prototype Pollution in Adobe Acrobat Reader Enables Code Execution

Publication date: 2026-04-14

Last updated on: 2026-04-16

Assigner: Adobe Systems Incorporated

Description
Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-14
Last Modified
2026-04-16
Generated
2026-05-07
AI Q&A
2026-04-14
EPSS Evaluated
2026-05-05
NVD
CVE-2026-34622
EUVD
EUVD-2026-22335
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
adobe acrobat From 24.0.0 (inc) to 24.001.30365 (exc)
adobe acrobat_dc From 15.008.20082 (inc) to 26.001.21431 (exc)
adobe acrobat_reader_dc From 15.008.20082 (inc) to 26.001.21431 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1321 The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, ensure that users do not open malicious files that could exploit the Prototype Pollution vulnerability in affected Acrobat Reader versions.

Additionally, update Acrobat Reader to a version later than 26.001.21411 or 24.001.30362, as these versions and earlier are affected.


Can you explain this vulnerability to me?

This vulnerability is a Prototype Pollution issue in certain versions of Acrobat Reader (26.001.21411, 24.001.30360, 24.001.30362 and earlier). Prototype Pollution occurs when an attacker can improperly modify the prototype attributes of objects, which can lead to unexpected behavior in the software.

In this case, the vulnerability could allow an attacker to execute arbitrary code with the privileges of the current user. However, exploitation requires user interaction, meaning the victim must open a specially crafted malicious file.


How can this vulnerability impact me? :

If exploited, this vulnerability could allow an attacker to run arbitrary code on your system with the same permissions as the current user. This could lead to unauthorized actions such as installing malware, stealing data, or modifying files.

Since exploitation requires the user to open a malicious file, the risk depends on user behavior and awareness.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

This vulnerability in Acrobat Reader allows for arbitrary code execution in the context of the current user if a malicious file is opened. Such a security flaw could potentially lead to unauthorized access or manipulation of sensitive data.

Because of the risk of unauthorized data access or alteration, organizations using affected versions might face challenges in maintaining compliance with data protection standards and regulations such as GDPR or HIPAA, which require safeguarding personal and sensitive information against unauthorized access.

However, exploitation requires user interaction, which may mitigate some risk depending on the organization's security controls and user awareness.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart