🟢 CVE-2026-34621

Adobe Acrobat Reader is affected by a prototype pollution vulnerability that enables arbitrary code execution. Exploitation requires a user to open a malicious PDF file, making this a client-side attack rather than server exploitation.

Risk Level: LOW_RISK

CVSS Score: 8.6

Attack Vector: LOCAL

ATT&CK Tactic: Execution

ATT&CK Technique: T1203 — Exploitation for Client Execution

Deployment Risk: VERY_LOW

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2026-04-11

Added to CISA KEV: 2026-04-13 (2 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2026-34621 is a critical vulnerability in Adobe Acrobat and Reader that has been subject to active exploitation in the wild. Below is the detailed breakdown of the vulnerability based on available information.

Overview and Impact
  • Vulnerability Type: The flaw is categorized as an "Improperly Controlled Modification of Object Prototype Attributes," commonly known as Prototype Pollution, occurring within the Adobe Acrobat and Reader EScript (JavaScript) engine [2].
  • Impact: Successful exploitation allows an attacker to bypass JavaScript trust boundaries, leading to arbitrary code execution on the victim's machine or the ability to read sensitive local files [2] [5].

Exploitation Details
  • Active Exploitation: Adobe has acknowledged that it is aware of the vulnerability being actively exploited in the wild [1] [5]. Reports indicate that exploitation has been occurring since at least December 2025 [1] [2].
  • Attack Method: The attack involves the use of specially crafted PDF documents containing malicious JavaScript code [1]. When a user opens these documents, the vulnerability is triggered, allowing the attacker to execute code within the context of the application [1].
  • Requirements: Exploitation requires user interaction—specifically, the victim must open the malicious PDF file [1].
  • Targeting: The vulnerability has been utilized in targeted campaigns [2]. There is currently no widespread evidence linking this specific CVE to major ransomware campaigns, though its ability to achieve arbitrary code execution makes it a potent tool for various malicious activities.

Proof-of-Concept (PoC) Availability
  • Technical analysis and research-oriented Proof-of-Concept (PoC) code have been made available on platforms like GitHub by security researchers (e.g., analyzing the exploit chain involving Prototype Pollution, internal JavaScript injection, and trusted workflow abuse) [3] [6].

Affected Versions and Mitigation
  • Affected Versions: The vulnerability affects Adobe Acrobat Reader versions 24.001.30356, 26.001.21367, and all earlier versions [4] [5].
  • Status: Adobe released a security update (APSB26-43) in April 2026 to address this critical flaw [5]. Users are strongly advised to update to the latest version of Adobe Acrobat and Reader to mitigate the risk of exploitation.

Sources

  1. Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026 ...

    Adobe patches CVE-2026-34621 after active exploitation since Dec 2025, preventing remote code execution via malicious PDFs. ... Adobe acknowledged that it's "aware of CVE-2026-34621 being exploited in the wild." The development comes days after security researcher and EXPMON founder Haifei Li disclo…

  2. CVE-2026-34621: CVE-2026-34621: Prototype Pollution to Arbitrary Code ...

    CVE-2026-34621 is a critical Prototype Pollution vulnerability in the Adobe Acrobat and Reader EScript engine. The flaw allows attackers to bypass JavaScript trust boundaries and execute arbitrary code or read sensitive local files. Attackers have actively exploited this vulnerability in targeted ca…

  3. GitHub - azefzafyoussef/CVE-2026-34621

    CVE-2026-34621 : Adobe Acrobat 2026 Prototype Pollution & JS Injection Chain — Research PoC Overview This repository contains research material and proof-of-concept code developed during the analysis of the 2026 Adobe Acrobat Reader in-the-wild exploit chain involving: Prototype Pollution Internal J…

  4. CVE-2026-34621 Detail - NVD

    Description. Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object ...

  5. Adobe APSB26-43 Security Bulletin

    This update addresses a critical vulnerability. Successful exploitation could lead to arbitrary code execution. Adobe is aware of CVE-2026-34621 ... Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses a critical vulnerability. Successful exp…

  6. ercihan/CVE-2026-34621 - GitHub

    This repository contains a technical analysis of how Adobe Acrobat exposes privileged JavaScript functionality through native handlers, how those handlers are ...