CVE-2026-34621
moderate-risk
Published 2026-04-11
Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Do I need to act?
-
0.04% chance of exploitation
EPSS score — low exploit probability
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.6/10
High
LOCAL
/ LOW complexity
Affected Products (3)
Affected Vendors
References (2)
Vendor Advisory
https://helpx.adobe.com/security/products/acrobat/apsb26-43.html
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-...
Get this data via API
curl -H "Authorization: Bearer YOUR_KEY" \
https://cyber.phasetransitions.ai/api/v1/cves/CVE-2026-34621
Free tier: 100 requests/day, no credit card.
42
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
7/34 · Low
Exposure
9/34 · Low