CVE-2026-34621
Published: 11 April 2026
Description
An adversary may rely upon a user opening a malicious file in order to gain execution.
Security Summary
CVE-2026-34621 is an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability, mapped to CWE-1321, affecting Adobe Acrobat Reader versions 24.001.30356, 26.001.21367, and earlier. The flaw, published on 2026-04-11, could result in arbitrary code execution in the context of the current user.
Exploitation requires user interaction: a victim must open a malicious file. An attacker who can trick a user into opening such a file (typically via social engineering or phishing) can achieve arbitrary code execution with the privileges of the current user. The CVSS v3.1 base score of 8.6 (AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) reflects a local attack vector, low attack complexity, no required privileges, required user interaction, changed scope, and high impacts on confidentiality, integrity, and availability.
Adobe Security Bulletin APSB26-43 details the issue and mitigation: https://helpx.adobe.com/security/products/acrobat/apsb26-43.html. The vulnerability is also listed in CISA's Known Exploited Vulnerabilities Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34621, indicating active exploitation in the wild.
Details
- CWE(s): CWE-1321
- KEV Date Added: 13 April 2026
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The prototype pollution vulnerability in Adobe Acrobat Reader enables arbitrary code execution through exploitation of client software (T1203) when a user opens a malicious file (T1204.002).