CVE-2026-34622

HIGH

Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)

Title source: cna

Description

Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

References (1)

[Vendor Advisory] https://helpx.adobe.com/security/products/acrobat/apsb26-44.html

Scores

CVSS v3 8.6

EPSS 0.0024

EPSS Percentile 46.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-1321

Status published

Products (4)

adobe/acrobat 24.0.0 - 24.001.30365

Adobe/Acrobat Reader < 26.001.21411

adobe/acrobat_dc 15.008.20082 - 26.001.21431

adobe/acrobat_reader_dc 15.008.20082 - 26.001.21431

Published Apr 14, 2026

Tracked Since Apr 14, 2026