CVE-2026-34621
Published Apr 11, 2026
Last updated 14 hours ago
- Description
- Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
- Source
- psirt@adobe.com
- NVD status
- Analyzed
- Products
- acrobat_dc, acrobat_reader_dc, acrobat
CVSS 3.1
- Type
- Secondary
- Base score
- 8.6
- Impact score
- 6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Adobe Acrobat and Reader Prototype Pollution Vulnerability
- Exploit added on
- Apr 13, 2026
- Exploit action due
- Apr 27, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- psirt@adobe.com
- CWE-1321
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
4
【Adobe Acrobat/ReaderのCVE-2026-34621は4/13時点でも最優先更新】 AdobeはAPSB26-43で、Acrobat/ReaderのCVE-2026-34621が実環境で悪用されていると明記しました。 影響はWindows/macOSのAcrobat DC、Reader DC、Acrobat 2024で、成功時には任
@01ra66it
13 Apr 2026
249 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621 https://t.co/4vWtOOEN0Z käyttäen @TheHackersNews 👉There is evidence suggesting that the vulnerability may have been under exploitation since December 2025.
@vainio_vesa_
13 Apr 2026
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 BREAKING: #BreakingNews Adobe Reader zero-day vulnerability exploited via malicious PDFs since at least December 2025. Obfuscated JavaScript executes privileged APIs to steal data, potential RCE. Adobe patch out (CVE-2026-34621). Scan attachments![1][2] #Cybersecurity #... h
@Archange_Shadow
13 Apr 2026
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Adobe released an emergency patch for a critical Acrobat Reader zero-day (CVE-2026-34621, CVSS 8.6) being actively exploited since late 2025. Patch immediately. https://t.co/hdRiQQlLiE
@DCLSearch
13 Apr 2026
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️【緊急パッチ】Adobe Reader を今すぐ更新してください CVE-2026-34621(CVSS 8.6)が修正されました。 2025年12月から約4ヶ月、野放し状態で悪用されていました。 【怖い点】 ・PDFを開くだけで任意コードが
@Kento_Hiraki_
13 Apr 2026
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#PDF Adobe Acrobat Reader Critical Vulnerability CVE-2026-34621 affects * Acrobat DC versions 26.001.21367 and earlier * Acrobat Reader DC versions 26.001.21367 and earlier * Acrobat 2024 versions 24.001.30356 and earlier 👇 https://t.co/Mtqp9JWR5S
@securestep9
13 Apr 2026
188 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
Adobe AcrobatおよびReaderにおいて、PDFを開くだけで任意のコードが実行されるという極めて深刻なゼロデイ脆弱性「CVE-2026-34621」が確認されました。この攻撃はユーザーがリンクをクリックするなどの追加操作を
@hinonantaro
12 Apr 2026
342 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENTE: Parche disponible para zero-day en Adobe ReaderAbrir un PDF bastaba para que atacantes robaran datos de tu PC. Exploit activo desde 2025 (CVE-2026-34621).Adobe publicó ayer el fix (APSB26-43). https://t.co/LS9aH7gvZJ https://t.co/FAkyStqit2
@Juansemaraon
12 Apr 2026
481 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENTE: Parche disponible para zero-day en Adobe ReaderAbrir un PDF bastaba para que atacantes robaran datos de tu PC. Exploit activo desde 2025 (CVE-2026-34621).Adobe publicó ayer el fix (APSB26-43). https://t.co/LS9aH7gvZJ https://t.co/VAjRicZCI7
@Juansemaraon
12 Apr 2026
99 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-34621: Adobe Reader zero-day, CVSS 9.6, exploited since Nov 2025 by APT via weaponized PDFs. Sovereign protocol: patch to v26.001.21411 now, disable PDF JavaScript, open all unsolicited docs in sandboxed browser only. Your deal flow is a kill chain. #TheSovereignProtocol
@sovereignexec
12 Apr 2026
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
That PDF your colleague just sent you? It might have already compromised your system 😬 Adobe just released an emergency patch for CVE-2026-34621 a CVSS 9.6 critical zero-day in Adobe Acrobat and Reader that has been actively exploited since November 2025. For months. Undetect
@cyberrangelabs
12 Apr 2026
180 Impressions
3 Retweets
3 Likes
0 Bookmarks
1 Reply
0 Quotes
Adobe ReaderのゼロデイCVE-2026-34621、少なくとも2025年11月28日にはVirusTotalへ最初の検体が提出されていた。 気づかれるまで4か月以上。 検体名は「Invoice540.pdf」 請求書を装う、ありふれた手口だ。 攻撃の巧妙さ
@joho_no_todai
12 Apr 2026
2952 Impressions
19 Retweets
42 Likes
8 Bookmarks
0 Replies
0 Quotes
I am a senior threat intelligence analyst at one of the three endpoint security vendors Adobe contacted before publishing APSB26-43. I need to explain what CVE-2026-34621 actually is, because the advisory doesn't. The first sample hit VirusTotal on November 28, 2025. It was
@thesincerevp
12 Apr 2026
202 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
🛑 Adobe released emergency fixes for a 9.6 CVSS flaw (CVE-2026-34621) in Acrobat/Reader, confirmed under active exploitation. A prototype pollution bug lets malicious PDFs run arbitrary code via JavaScript. Evidence shows attacks may date back to Dec 2025. 🔗 Read →
@Crypto0Tech
12 Apr 2026
118 Impressions
0 Retweets
2 Likes
0 Bookmarks
2 Replies
0 Quotes
🛑 Adobe released emergency fixes for a 9.6 CVSS flaw (CVE-2026-34621) in Acrobat/Reader, confirmed under active exploitation. A prototype pollution bug lets malicious PDFs run arbitrary code via JavaScript. Evidence shows attacks may date back to Dec 2025. 🔗 Read → http
@TheHackersNews
12 Apr 2026
24699 Impressions
85 Retweets
245 Likes
70 Bookmarks
6 Replies
5 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"matchCriteriaId": "C1D9FFF0-C948-4C17-8E0C-9245DD3ADDCB",
"versionEndExcluding": "26.001.21411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"matchCriteriaId": "6E91BACA-4DE1-4412-BE17-0992FDEEC66B",
"versionEndExcluding": "26.001.21411",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"matchCriteriaId": "0287242D-1301-49AF-B416-C37114304EF4",
"versionEndExcluding": "24.001.30362",
"versionStartIncluding": "24.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"matchCriteriaId": "528A400D-E038-41E4-B3C8-ED5BA10BD63E",
"versionEndExcluding": "24.001.30360",
"versionStartIncluding": "24.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
]