Zero Day Monitor (ZDM)
CVE-2026-34621 | CVSS 8.6 | KEV | EXPLOITED | PATCHED
adobe · acrobat_dc

Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)

Description

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Affected Products

Vendor | Product | Versions
adobe | acrobat_dc | 0, 26.001.21411, 24.001.30362, 24.001.30365, 26.001.21431, 2023.006.20320

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
adobe | acrobat_reader_dc | cve_cpe | 95%
adobe | acrobat | cve_cpe | 95%
apple | macos | cve_cpe | 95%
microsoft | windows | cve_cpe | 95%

References

  • https://helpx.adobe.com/security/products/acrobat/apsb26-43.html (vendor-advisory)

Related News (20 articles)

  • [Tier D] BleepingComputer, 3h ago: Adobe patches seven max severity ColdFusion, Campaign flaws
    → No new info (linked only)
  • [Tier E] Hacker News, 61d ago: Zero-Day fingerprinting attack targeting Adobe Reader
    → No new info (linked only)
  • [Tier E] Reddit r/netsec, 68d ago: CVE-2026-34621: Adobe Acrobat Reader zero-day was on VirusTotal for 136 days before Adobe named it a CVE
    → No new info (linked only)
  • [Tier B] CERT-FR, 72d ago: News bulletin CERTFR-2026-ACT-018 (20 April 2026)
    → No new info (linked only)
  • [Tier D] Help Net Security, 73d ago: Week in review: Acrobat Reader flaw exploited, Claude Mythos offensive capabilities and limits
    → No new info (linked only)
  • [Tier D] Heise Security, 77d ago: Adobe Patch Day: Critical malicious-code vulnerabilities threaten Photoshop and others
    → No new info (linked only)
  • [Tier D] SecurityWeek, 77d ago: Adobe Patches 55 Vulnerabilities Across 11 Products
    → No new info (linked only)
  • [Tier D] SecurityWeek, 78d ago: Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities
    → No new info (linked only)
  • [Tier B] BSI Advisories, 78d ago: [UPDATE] [high] Adobe Acrobat and Acrobat Reader: Multiple vulnerabilities
    → No new info (linked only)
  • [Tier D] Heise Security, 78d ago: Attacks on seven security vulnerabilities observed, one of them 14 years old
    → No new info (linked only)
  • [Tier D] BleepingComputer, 78d ago: Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw
    → No new info (linked only)
  • [Tier B] CCCS Canada, 78d ago: Adobe Acrobat security advisory (AV26-340)
    → No new info (linked only)
  • [Tier D] The Hacker News, 78d ago: ⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More
    → No new info (linked only)
  • [Tier D] Help Net Security, 79d ago: Adobe issues emergency fix for Acrobat Reader flaw exploited in the wild (CVE-2026-34621)
    → No new info (linked only)
  • [Tier B] CERT-FR, 79d ago: News bulletin CERTFR-2026-ACT-017 (13 April 2026)
    → No new info (linked only)
  • [Tier B] CERT-FR, 79d ago: Vulnerability in Adobe Acrobat (13 April 2026)
    → No new info (linked only)
  • [Tier E] Reddit r/cybersecurity, 79d ago: Adobe fixes actively exploited Acrobat Reader flaw CVE-2026-34621
    → No new info (linked only)
  • [Tier D] The Hacker News, 80d ago: Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
    → No new info (linked only)
  • [Tier D] Heise Security, 80d ago: Patch now! Adobe releases emergency security update for Acrobat Reader
    → No new info (linked only)
  • [Tier C] VulDB, 81d ago: CVE-2026-34621 | Adobe Acrobat Reader up to 24.001.30356/26.001.21367 File prototype pollution (apsb26-43)
    → No new info (linked only)

CVSS 3.1: 8.6 CRITICAL
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CISA KEV: ✅ Yes
Actively exploited: ✅ Yes
Patch available: https://helpx.adobe.com/security/products/acrobat/apsb26-43.html
CWE: CWE-1321, CWE-20
Published: Apr 11, 2026
Last enriched: 61d ago (v8)
Tags: remote code execution, privilege escalation, information disclosure, critical, zero-day, local attack vector, information harvesting, sandbox escape
Trending Score: 160
Source articles: 20
Independent: 12
Info Completeness: 12/14
Missing: epss, mitre_attack

Related CVEs (5)

  • CVE-2026-48282 | CRITICAL | EXP | Trending: 59
    ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
  • CVE-2026-48314 | CRITICAL | EXP | Trending: 55
    ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
  • CVE-2026-48276 | CRITICAL | Trending: 53
    ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)
  • CVE-2026-48285 | HIGH | EXP | Trending: 52
    ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918)
  • CVE-2026-48315 | CRITICAL | EXP | Trending: 50
    ColdFusion | Improper Input Validation (CWE-20)

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

Apr 11, 2026 | CVE Published
Apr 11, 2026 | Added to CISA KEV
Apr 11, 2026 | Discovered by ZDM
Apr 11, 2026 | Updated: description, affectedVersions, activelyExploited
Apr 11, 2026 | Updated: affectedVersions, cweIds
Apr 13, 2026 | Updated: description, severity, tags
Apr 13, 2026 | Updated: affectedVersions, exploitAvailable
Apr 13, 2026 | Updated: affectedVersions, tags
Apr 14, 2026 | Actively Exploited
Apr 14, 2026 | Exploit Available
Apr 14, 2026 | Patch Available
Apr 15, 2026 | Updated: affectedVersions, severity
Apr 30, 2026 | Updated: affectedVersions, cweIds, iocs, tags

Version History

Current version: v8 (last enriched 61d ago)

v8 | Tier E | 61d ago | via Hacker News
Updated description with detailed exploit capabilities, added affected version 2023.006.20320, and included new CWEs and IoCs.
Changed fields: affectedVersions, cweIds, iocs, tags

v7 | Tier D | 77d ago | via Heise Security
Updated severity to CRITICAL, added new affected versions, and noted that the patch is now available for newer versions.
Changed fields: affectedVersions, severity

v6 | Tier D | 78d ago | via BleepingComputer
Updated description with technical details, changed severity to HIGH, and added new affected versions.
Changed fields: affectedVersions, tags

v5 | Tier B | 78d ago | via CERT-FR
Updated affected versions to include specific version numbers for Acrobat and Acrobat Reader DC, and marked exploit availability as true.
Changed fields: affectedVersions, exploitAvailable

v4 | Tier D | 78d ago | via Help Net Security
Updated description with more technical detail, changed severity to CRITICAL, and added zero-day tag.
Changed fields: description, severity, tags

v3 | Tier D | 80d ago | via Heise Security
Updated affected versions to include 26.001.21411 and 24.001.30362, marked exploit as available, and added new CVE ID CVE-2026-34621.
Changed fields: affectedVersions, cweIds

v2 | Tier C | 81d ago | via VulDB
Updated description with more technical detail, confirmed affected versions, and noted that no exploit is available.
Changed fields: description, affectedVersions, activelyExploited

v1 | 81d ago
Initial creation