ACCORDING to CISA, the Known Exploited Vulnerabilities (KEV) catalog lists CVE-2026-34621 as an Adobe Acrobat and Reader Prototype Pollution Vulnerability that allows for arbitrary code execution. It notes the related CWE as CWE-1321 and states that it is Unknown whether it has been used in ransomware campaigns.
Date added is 13 April 2026 with a due date of 27 April 2026, and the guidance urges applying mitigations per vendor instructions, following applicable BOD 22-01 guidance for cloud services, or discontinuing use of the product if mitigations are unavailable. The entry also provides links to Adobe’s security APSB and the NVD page for CVE-2026-34621 for further details.
This KEV record emphasises prioritising vulnerability management and keeping pace with threat activity, using the catalog as an input to organisational prioritisation frameworks.