Zero Day MonitorZDM

← Back to list

9.6

CVE-2026-34621EXPLOITEDPATCHED

adobe · acrobat reader

Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)

Description

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Affected Products

Vendor	Product	Versions
adobe	acrobat reader	0, 26.001.21411, 24.001.30362, 24.001.30360

References

https://helpx.adobe.com/security/products/acrobat/apsb26-43.html(vendor-advisory)

Related News (2 articles)

Tier D

Heise Security3h ago

Jetzt patchen! Adobe veröffentlicht Notfall-Sicherheitsupdate für Acrobat Reader

→ No new info (linked only)

Tier C

VulDB15h ago

CVE-2026-34621 | Adobe Acrobat Reader up to 24.001.30356/26.001.21367 File prototype pollution (apsb26-43)

→ No new info (linked only)

CVSS 3.19.6 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

https://helpx.adobe.com/security/products/acrobat/apsb26-43.html

CWECWE-1321, CVE-2026-34621

PublishedApr 11, 2026

Last enriched2h agov3

Tags

remote code executionprivilege escalationinformation disclosurecritical

Trending Score61

Source articles2

Independent2

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-27220

Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current

MEDIUMCVE-2026-3778

Stack exhaustion caused by cyclic references in Foxit PDF Editor/Reader

MEDIUMCVE-2026-3774

Self-Modifications Affecting Altered Printing and Redaction in Foxit PDF Editor

HIGHCVE-2026-27271

Illustrator versions 29.8.4, 30.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation

HIGHCVE-2026-27272

Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of thi

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 11, 2026

Discovered by ZDM

Apr 11, 2026

Updated: description, affectedVersions, activelyExploited

Apr 11, 2026

Actively Exploited

Apr 11, 2026

Patch Available

Apr 11, 2026

Updated: affectedVersions, cweIds

Apr 11, 2026

Version History

v3

Last enriched 2h ago

v3Tier D2h ago

Updated affected versions to include 26.001.21411 and 24.001.30362, marked exploit as available, and added new CVE ID CVE-2026-34621.

affectedVersionscweIds

via Heise Security

v2Tier C14h ago

Updated description with more technical detail, confirmed affected versions, and noted that no exploit is available.

descriptionaffectedVersionsactivelyExploited

via VulDB

v115h ago

Initial creation