CVE-2026-34621

HIGH KEV

Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)

Title source: cna
STIX 2.1

Exploitation Summary

CVE-2026-34621 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added April 13, 2026. EIP tracks 7 public exploits from researchers including ercihan, NULL200OK, Hex0rc1st.

AI-analyzed exploit summary This repository provides a detailed technical analysis of a multi-stage Adobe Acrobat PDF JavaScript sample, focusing on its attack chain, environment triage, and exploit-oriented primitives. It documents the sample's behavior, code structure, and defensive analysis without including functional exploit code.

Description

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Exploits (7)

nomisec WRITEUP 1 stars
by ercihan · poc
https://github.com/ercihan/CVE-2026-34621_PDF_SAMPLE

This repository provides a detailed technical analysis of a multi-stage Adobe Acrobat PDF JavaScript sample, focusing on its attack chain, environment triage, and exploit-oriented primitives. It documents the sample's behavior, code structure, and defensive analysis without including functional exploit code.

Classification
Writeup 95%
Attack Type
Other
Complexity
Complex
Reliability
Theoretical
Target: Adobe Acrobat
No auth needed
Prerequisites: Malicious PDF sample with embedded JavaScript
devstral-2 · analyzed Apr 17, 2026 Full analysis →
nomisec WORKING POC 1 stars
by NULL200OK · poc
https://github.com/NULL200OK/cve_2026_34621_advanced

This repository contains a functional exploit generator for CVE-2026-34621, a prototype pollution vulnerability in Adobe Acrobat and Reader leading to sandbox escape and arbitrary code execution on Windows and macOS. The Python script generates malicious PDFs with configurable payloads, obfuscation, and persistence mechanisms.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe Acrobat and Reader (versions ≤ 26.001.21367, ≤ 24.001.30356)
No auth needed
Prerequisites: Vulnerable version of Adobe Acrobat/Reader · Victim interaction (opening malicious PDF)
devstral-2 · analyzed Apr 16, 2026 Full analysis →
nomisec SUSPICIOUS 1 stars
by eduardorossi84 · poc
https://github.com/eduardorossi84/CVE-2026-34621-POC

The repository claims to provide a PoC for CVE-2026-34621 but lacks actual exploit code, instead directing users to an external Telegram contact. The README is vague and lacks technical details about the vulnerability.

Classification
Suspicious 90%
Attack Type
Other
Complexity
Theoretical
Reliability
Theoretical
Target: Adobe Acrobat Reader (Windows)
No auth needed
Prerequisites: victim opens malicious PDF
devstral-2 · analyzed Apr 14, 2026 Full analysis →
nomisec WORKING POC
by azefzafyoussef · client-side
https://github.com/azefzafyoussef/CVE-2026-34621

This repository contains a functional exploit PoC for CVE-2026-34621, demonstrating a prototype pollution and JavaScript injection chain in Adobe Acrobat Reader. The PoC includes a PDF generator, a malicious JavaScript payload, and a C2 server for exfiltration testing.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Adobe Acrobat Reader 2026
No auth needed
Prerequisites: victim opens malicious PDF · JavaScript execution enabled in Adobe Acrobat
devstral-2 · analyzed May 13, 2026 Full analysis →
nomisec SCANNER
by KeulenR01 · poc
https://github.com/KeulenR01/Remediate-AdobeAcrobat-CVE-2026-34621

This repository contains PowerShell scripts for detecting and remediating vulnerable Adobe Acrobat installations (CVE-2026-34621) by enforcing minimum versions and disabling JavaScript. It does not include exploit code but provides mitigation tools.

Classification
Scanner 95%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: Adobe Acrobat/Reader DC versions below 26.001.21411
Auth required
Prerequisites: Administrative access to modify registry and uninstall software
devstral-2 · analyzed Apr 15, 2026 Full analysis →
nomisec WRITEUP
by ercihan · poc
https://github.com/ercihan/CVE-2026-34621

This repository provides a detailed technical analysis of CVE-2026-34621, focusing on Adobe Acrobat's JavaScript trust model and privileged API exposure. It includes reverse-engineered mappings of native handlers and an interpretation of the vulnerability as a trust/context handling flaw.

Classification
Writeup 100%
Attack Type
Other
Complexity
Complex
Reliability
Theoretical
Target: Adobe Acrobat
No auth needed
Prerequisites: Reverse engineering skills · Access to Adobe Acrobat internals
devstral-2 · analyzed Apr 14, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 8.6
EPSS 0.1103
EPSS Percentile 93.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2026-04-13
VulnCheck KEV 2026-04-07
ENISA EUVD EUVD-2026-21675
CWE
CWE-1321
Status published
Products (4)
adobe/acrobat 24.0.0 - 24.001.30362
Adobe/Acrobat Reader < 26.001.21367
adobe/acrobat_dc < 26.001.21411
adobe/acrobat_reader_dc < 26.001.21411
Published Apr 11, 2026
KEV Added Apr 13, 2026
Tracked Since Apr 11, 2026