Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
| Vendor | Product | Versions |
|---|---|---|
| adobe | acrobat_dc | 0, 26.001.21411, 24.001.30362, 24.001.30365, 26.001.21431, 2023.006.20320 |
Downstream vendors/products affected by this vulnerability
| Vendor | Product | Source | Confidence |
|---|---|---|---|
| adobe | acrobat_reader_dc | cve_cpe | 95% |
| adobe | acrobat | cve_cpe | 95% |
| apple | macos | cve_cpe | 95% |
| microsoft | windows | cve_cpe | 95% |
Updated description with detailed exploit capabilities, added affected version 2023.006.20320, and included new CWEs and IoCs.
Updated severity to CRITICAL, added new affected versions, and noted that the patch is now available for newer versions.
Updated description with technical details, changed severity to HIGH, and added new affected versions.
Updated affected versions to include specific version numbers for Acrobat and Acrobat Reader DC, and marked exploit availability as true.
Updated description with more technical detail, changed severity to CRITICAL, and added zero-day tag.
Updated affected versions to include 26.001.21411 and 24.001.30362, marked exploit as available, and added new CVE ID CVE-2026-34621.
Updated description with more technical detail, confirmed affected versions, and noted that no exploit is available.
Initial creation