CVE-2026-34621:
Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Score
A numerical rating that indicates how dangerous this vulnerability is.
8.6High- Published Date:Apr 11, 2026
- CISA KEV Date:Apr 13, 2026
- Industries Affected:20
Threat Predictions
- EPSS Score:7.6
- EPSS Percentile:92%
Exploitability
- Score:1.8
- Attack Vector:LOCAL
- Attack Complexity:LOW
- Privileges Required:NONE
- User Interaction:REQUIRED
- Scope:CHANGED
Impact
- Score:6.0
- Confidentiality Impact:HIGH
- Integrity Impact:HIGH
- Availability Impact:HIGH
Description Preview
Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.
