CVE-2026-34621

Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)

CVSS 8.6 HIGH | EPSS 7.1% | KEV | CWE-1321
In short

Acrobat Reader has a flaw where attackers can tamper with the prototypes of core JavaScript objects through specially crafted PDF files. If you open a malicious PDF, the attacker's code runs with your permissions.

Technical detail

Prototype pollution in Acrobat Reader (versions 24.001.30356, 26.001.21367 and earlier) allows unauthenticated attackers to modify JavaScript object prototypes via malicious PDF files. User interaction is required (opening the file); successful exploitation results in arbitrary code execution in the user's security context.

Summary generated and translated by AI from the official description.
Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected products
Adobe · Acrobat Reader
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
