Vulnerability intelligence
CVE-2026-34621
Adobe Acrobat and Reader Prototype Pollution Vulnerability
Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
8.6
High
EPSS — Exploit Probability
11%
Riskier than 94% of all CVEs
Exploitation
Confirmed in the wild
Used in ransomware campaigns
Remediation
Patch available
Federal deadline 2026-04-27
CISA required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Deadline for federal agencies: 2026-04-27.
13 articles across 9 outlets · first covered Apr 12, 2026 · latest Apr 15, 2026
Coverage timeline
-
Exploiters target SAP SQLi and Adobe zero day flaws in Aprilthehackernews.com · Apr 15, 2026
-
Microsoft fixes 167 flaws, patches SharePoint zero day exploitkrebsonsecurity.com · Apr 14, 2026
-
Adobe Patches 55 Vulnerabilities Across 11 Productswww.securityweek.com · Apr 14, 2026
-
CISA Adds Critical Adobe, Microsoft, Fortinet Flaws to KEV Catalogsecurityaffairs.com · Apr 14, 2026
-
Adobe Acrobat Bug CVE-2026-34621 Allows Arbitrary Code Executionwww.cisa.gov · Apr 13, 2026
-
CISA warns of active Adobe Acrobat flaw letting hackers run codecisa.gov · Apr 13, 2026
-
Adobe patches CVE-2026-34621 in Acrobat after wild exploitationwww.darkreading.com · Apr 13, 2026
-
Alleged Police Tipline Data Sale, iOS and Adobe Exploits, RDWeb Access Listings, and Gunra Recruitmentsocradar.io · Apr 13, 2026
-
Adobe Reader zero day exploited via malicious PDF to steal fileswww.malwarebytes.com · Apr 13, 2026
-
Adobe patches Acrobat after CVE‑2026‑34621 exploited in the wildsocradar.io · Apr 13, 2026
-
Patch Issued for Critical Adobe Acrobat Zero Day CVE-2026-34621securityaffairs.com · Apr 12, 2026
-
Adobe Patches Reader Zero-Day Exploited for Monthswww.securityweek.com · Apr 12, 2026
-
Adobe patches zero day flaw in Acrobat Reader, CVE-2026-34621thehackernews.com · Apr 12, 2026