CVE-2026-34626

MEDIUM

Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)

Title source: cna

Description

Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary file system read in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

References (1)

[Vendor Advisory] https://helpx.adobe.com/security/products/acrobat/apsb26-44.html

Scores

CVSS v3 6.3

EPSS 0.0006

EPSS Percentile 18.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1321

Status published

Products (4)

adobe/acrobat 24.0.0 - 24.001.30365

Adobe/Acrobat Reader < 26.001.21411

adobe/acrobat_dc 15.008.20082 - 26.001.21431

adobe/acrobat_reader_dc 15.008.20082 - 26.001.21431

Published Apr 14, 2026

Tracked Since Apr 14, 2026