CVE-2026-34621
Published Apr 11, 2026
Last updated a month ago
AI description
CVE-2026-34621 is a 'Prototype Pollution' vulnerability affecting Adobe Acrobat Reader versions 24.001.30356, 26.001.21367, and earlier, including Acrobat DC and Acrobat 2024. This flaw, categorized as an Improperly Controlled Modification of Object Prototype Attributes, could enable arbitrary code execution within the context of the current user. Successful exploitation of this vulnerability can lead to unauthorized access to sensitive data, unauthorized data modifications, and disruption of system operations. Exploitation of CVE-2026-34621 requires user interaction, specifically that a victim opens a malicious file. Reports indicate that this vulnerability has been actively exploited in the wild since at least December 2025, with some sources noting that no user interaction beyond simply opening a malicious PDF document is necessary for an attack to succeed. Adobe has released emergency updates to address this issue.
- Description
- Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
- Source
- psirt@adobe.com
- NVD status
- Analyzed
- Products
- acrobat_dc, acrobat_reader_dc, acrobat
CVSS 3.1
- Type
- Secondary
- Base score
- 8.6
- Impact score
- 6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Adobe Acrobat and Reader Prototype Pollution Vulnerability
- Exploit added on
- Apr 13, 2026
- Exploit action due
- Apr 27, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- psirt@adobe.com
- CWE-1321
- Hype score
- Not currently trending
CVE-2026-34621: On November 28, 2025, someone uploaded a PDF named Invoice540.pdf to VirusTotal. Thirteen of sixty-four AV engines flagged it. The remaining fifty-one saw a document. Inside was a working zero-day against the latest Adobe Acrobat Reader that polluted the…
@lyrie_ai
30 Apr 2026
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🕵️ Adobe CVE-2026-34621 was exploited since NOV 2025 — 5 months before the emergency patch. @briankrebs confirms. Check your Adobe patch status TODAY. https://t.co/2eaZa4922F #Adobe #ZeroDay #cybersecurity
@JNitterauer
29 Apr 2026
95 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-48757 2 - CVE-2026-34621 3 - CVE-2026-35616 4 - CVE-2026-23654 5 - CVE-2026-5760 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
21 Apr 2026
254 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Opening a PDF shouldn’t compromise your system—but with CVE-2026-34621, it can. In this week’s episode of IT SPARC Cast - CVE of the Week, @johnbarger and @loudoggeek cover an Adobe Acrobat zero-day vulnerability that has been actively exploited since late 2025 and allows
@ITSPARCCast
17 Apr 2026
180 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
2 Quotes
Opening a PDF shouldn’t compromise your system—but with CVE-2026-34621, it can. In this week’s episode of IT SPARC Cast - CVE of the Week, @johnbarger and @loudoggeek cover an Adobe Acrobat zero-day vulnerability that has been actively exploited since late 2025 and allows
@ITSPARCCast
17 Apr 2026
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Patch Tuesday أبريل 2026 — ثاني أكبر تحديث أمني بتاريخ Microsoft. ثغرة Adobe CVE-2026-34621 كانت مستغلة من نوفمبر 2025 — يعني 5 شهور والهاكرز يستخدمونها بدون ما أحد يدري. BlueHammer ب
@nexorify
16 Apr 2026
233 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【Adobe Reader/Acrobatの実悪用CVE-2026-34621に緊急更新】 AdobeのAPSB26-43では、CVE-2026-34621を修正する更新が公開され、Adobe自身が“実環境で悪用を認識している”と明記しています。対象はWindows/macOSのAcrobat DC、Reader D
@01ra66it
15 Apr 2026
361 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Adobe a corrigé une faille critique affectant ses principaux lecteurs #PDF exploitée activement par des hackers depuis au moins quatre mois. Identifiée sous le code CVE-2026-34621, elle concerne plusieurs versions d’Acrobat DC, Reader DC et Acrobat 2024💡 https://t.co/Yaq
@RLDI_Lamy
15 Apr 2026
152 Impressions
3 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
cisa added cve-2026-34621 (adobe acrobat reader) to kev. active exploitation since at least november 2025. patch due april 16. https://t.co/HVxBToh1Qz
@foufqr
15 Apr 2026
78 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Adobe Acrobat/Readerに深刻な脆弱性が発表された。(CVE-2026-34621、CVSS 9.6) 細工されたPDFを「開くだけ」でパソコンが乗っ取られる可能性がある。 しかも2025年12月からすでに攻撃に使われていた、いわゆるゼロデ
@NakatA__
15 Apr 2026
93 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
#Adobe patched a critical zero-day (CVE-2026-34621) in Acrobat & Reader exploited since Dec 2025. Malicious PDFs enable remote code execution, data theft, and system takeover. #Cybersecurity $CRWD $PANW $S (SentinelOne) https://t.co/QIhJDEeu1B
@GeldSein83110
15 Apr 2026
131 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
https://t.co/XrlX3DQ7xZ Adobe Patches Actively Exploited Zero-Day in Acrobat Reader — Attacks Traced to Late 2025. A critical prototype-pollution vulnerability — tracked as CVE-2026-34621 — was silently weaponized in targeted PDF campaigns for months before Adobe issued.
@DIYprojects55
15 Apr 2026
93 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-34621 zero-day in Adobe Acrobat/Reader enables arbitrary code execution via crafted PDFs. Adobe confirms active exploitation in the wild since late 2025. PoC now circulating on dark web forums. Patch immediately and hunt for util. #DFIR_Radar https://t.co/mckOaS71bi
@DFIR_Radar
15 Apr 2026
222 Impressions
0 Retweets
1 Like
1 Bookmark
1 Reply
0 Quotes
Adobe zero-day (KEV confirmed) CVE-2026-34621 is now on CISA’s KEV catalog. Actively exploited since December 2025. Malicious PDFs bypass Acrobat sandbox, invoke privileged JavaScript APIs, read local files, exfiltrate data. No user interaction beyond opening the file. Attacks
@ElusivePrivacy
14 Apr 2026
184 Impressions
1 Retweet
4 Likes
0 Bookmarks
1 Reply
0 Quotes
Critical AdobeReader zero-day vulnerability (CVE-2026-34621) exploited via malicious PDFs since Dec 2025. Update now to protect your systems! Link: https://t.co/9aonsUEnHJ #Security #Vulnerability #Adobe #PDF #Exploit #Malware #Patch #Update #Protection #Software #Cyber #Threat h
@dailytechonx
14 Apr 2026
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Adobe patches critical Acrobat Reader zero-day CVE-2026-34621, CVSS 8.6 — exploited in the wild since November 2025 via malicious PDFs. CISA adds to KEV catalog, federal agencies must patch by April 27
@XavierRiveraX
14 Apr 2026
73 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 BREAKING: Adobe fixes PDF zero-day security bug (CVE-2026-34621) that hackers exploited via malicious PDFs since at least December 2025. Highly-sophisticated exploit harvests data, potential RCE. #BreakingNews #Cybersecurity #Adobe #Tech https://t.co/Ke7sCfNIUb
@Archange_Shadow
14 Apr 2026
79 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
NicFab Newsletter #16 is out — EDPB 2025 Annual Report, eIDAS 2.0 digital wallet onboarding rules, Adobe Reader zero-day (CVE-2026-34621), AI Act Art. 20 on corrective actions. Read & subscribe free: https://t.co/CATmKFHeMV #Privacy #AI #Cybersecurity #DataProtection #eIDA
@nicfab
14 Apr 2026
80 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
THREAD: Adobe just issued an emergency patch for CVE-2026-34621 — a critical zero-day in Acrobat Reader that has been actively exploited since December 2025. CVSS 8.6. Prototype pollution → arbitrary code execution. https://t.co/81ED52ELpe #CVE202634621 #ZeroDay #Adobe http
@nxtgen579255
14 Apr 2026
104 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
【Adobe Acrobat/ReaderのCVE-2026-34621は4/13時点でも最優先更新】 AdobeはAPSB26-43で、Acrobat/ReaderのCVE-2026-34621が実環境で悪用されていると明記しました。 影響はWindows/macOSのAcrobat DC、Reader DC、Acrobat 2024で、成功時には任
@01ra66it
13 Apr 2026
296 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621 https://t.co/4vWtOOEN0Z käyttäen @TheHackersNews 👉There is evidence suggesting that the vulnerability may have been under exploitation since December 2025.
@vainio_vesa_
13 Apr 2026
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 BREAKING: #BreakingNews Adobe Reader zero-day vulnerability exploited via malicious PDFs since at least December 2025. Obfuscated JavaScript executes privileged APIs to steal data, potential RCE. Adobe patch out (CVE-2026-34621). Scan attachments![1][2] #Cybersecurity #... h
@Archange_Shadow
13 Apr 2026
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Adobe released an emergency patch for a critical Acrobat Reader zero-day (CVE-2026-34621, CVSS 8.6) being actively exploited since late 2025. Patch immediately. https://t.co/hdRiQQlLiE
@DCLSearch
13 Apr 2026
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️【緊急パッチ】Adobe Reader を今すぐ更新してください CVE-2026-34621(CVSS 8.6)が修正されました。 2025年12月から約4ヶ月、野放し状態で悪用されていました。 【怖い点】 ・PDFを開くだけで任意コードが
@Kento_Hiraki_
13 Apr 2026
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#PDF Adobe Acrobat Reader Critical Vulnerability CVE-2026-34621 affects * Acrobat DC versions 26.001.21367 and earlier * Acrobat Reader DC versions 26.001.21367 and earlier * Acrobat 2024 versions 24.001.30356 and earlier 👇 https://t.co/Mtqp9JWR5S
@securestep9
13 Apr 2026
188 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
Adobe AcrobatおよびReaderにおいて、PDFを開くだけで任意のコードが実行されるという極めて深刻なゼロデイ脆弱性「CVE-2026-34621」が確認されました。この攻撃はユーザーがリンクをクリックするなどの追加操作を
@hinonantaro
12 Apr 2026
342 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENTE: Parche disponible para zero-day en Adobe ReaderAbrir un PDF bastaba para que atacantes robaran datos de tu PC. Exploit activo desde 2025 (CVE-2026-34621).Adobe publicó ayer el fix (APSB26-43). https://t.co/LS9aH7gvZJ https://t.co/FAkyStqit2
@Juansemaraon
12 Apr 2026
481 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENTE: Parche disponible para zero-day en Adobe ReaderAbrir un PDF bastaba para que atacantes robaran datos de tu PC. Exploit activo desde 2025 (CVE-2026-34621).Adobe publicó ayer el fix (APSB26-43). https://t.co/LS9aH7gvZJ https://t.co/VAjRicZCI7
@Juansemaraon
12 Apr 2026
99 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-34621: Adobe Reader zero-day, CVSS 9.6, exploited since Nov 2025 by APT via weaponized PDFs. Sovereign protocol: patch to v26.001.21411 now, disable PDF JavaScript, open all unsolicited docs in sandboxed browser only. Your deal flow is a kill chain. #TheSovereignProtocol
@sovereignexec
12 Apr 2026
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
That PDF your colleague just sent you? It might have already compromised your system 😬 Adobe just released an emergency patch for CVE-2026-34621 a CVSS 9.6 critical zero-day in Adobe Acrobat and Reader that has been actively exploited since November 2025. For months. Undetect
@cyberrangelabs
12 Apr 2026
180 Impressions
3 Retweets
3 Likes
0 Bookmarks
1 Reply
0 Quotes
Adobe ReaderのゼロデイCVE-2026-34621、少なくとも2025年11月28日にはVirusTotalへ最初の検体が提出されていた。 気づかれるまで4か月以上。 検体名は「Invoice540.pdf」 請求書を装う、ありふれた手口だ。 攻撃の巧妙さ
@joho_no_todai
12 Apr 2026
2952 Impressions
19 Retweets
42 Likes
8 Bookmarks
0 Replies
0 Quotes
I am a senior threat intelligence analyst at one of the three endpoint security vendors Adobe contacted before publishing APSB26-43. I need to explain what CVE-2026-34621 actually is, because the advisory doesn't. The first sample hit VirusTotal on November 28, 2025. It was
@thesincerevp
12 Apr 2026
202 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
🛑 Adobe released emergency fixes for a 9.6 CVSS flaw (CVE-2026-34621) in Acrobat/Reader, confirmed under active exploitation. A prototype pollution bug lets malicious PDFs run arbitrary code via JavaScript. Evidence shows attacks may date back to Dec 2025. 🔗 Read →
@Crypto0Tech
12 Apr 2026
118 Impressions
0 Retweets
2 Likes
0 Bookmarks
2 Replies
0 Quotes
🛑 Adobe released emergency fixes for a 9.6 CVSS flaw (CVE-2026-34621) in Acrobat/Reader, confirmed under active exploitation. A prototype pollution bug lets malicious PDFs run arbitrary code via JavaScript. Evidence shows attacks may date back to Dec 2025. 🔗 Read → http
@TheHackersNews
12 Apr 2026
24699 Impressions
85 Retweets
245 Likes
70 Bookmarks
6 Replies
5 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"matchCriteriaId": "C1D9FFF0-C948-4C17-8E0C-9245DD3ADDCB",
"versionEndExcluding": "26.001.21411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"matchCriteriaId": "6E91BACA-4DE1-4412-BE17-0992FDEEC66B",
"versionEndExcluding": "26.001.21411",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"matchCriteriaId": "0287242D-1301-49AF-B416-C37114304EF4",
"versionEndExcluding": "24.001.30362",
"versionStartIncluding": "24.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"matchCriteriaId": "528A400D-E038-41E4-B3C8-ED5BA10BD63E",
"versionEndExcluding": "24.001.30360",
"versionStartIncluding": "24.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
]