CVE-2026-34621 - Vulnerability Analysis

Overview

Acrobat Reader <= 24.001.30356, 26.001.21367 contains a prototype pollution vulnerability caused by improperly controlled modification of object prototype attributes, letting attackers execute arbitrary code in the context of the current user, exploit requires victim to open a malicious file.

Severity & Score

Impact

Attackers can execute arbitrary code as the current user, potentially compromising the user's system.

Mitigation

Update to the latest version beyond 26.001.21367.

References

• https://helpx.adobe.com/security/products/acrobat/apsb26-43.html
• https://justhaifei1.blogspot.com/2026/04/expmon-detected-sophisticated-zero-day-adobe-reader.html
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34621

Social Media Activity(1 post)

/r/netsec

@_r_netsec

Apr 23, 2026

CVE-2026-34621: Adobe Acrobat Reader zero-day was on VirusTotal for 136 days before Adobe named it a CVE https://nefariousplan.com/posts/adobe-acrobat-cve-2026-34621-detection-lie

View original post

GitHub Repositories(5 repos)

• https://github.com/ercihan/CVE-2026-34621_PDF_SAMPLE
• https://github.com/ercihan/CVE-2026-34621
• https://github.com/eduardorossi84/CVE-2026-34621-POC
• https://github.com/NULL200OK/cve_2026_34621_advanced
• https://github.com/KeulenR01/Remediate-AdobeAcrobat-CVE-2026-34621

Related Resources

• Vulnerability Intelligence Dashboard
• Credential Scanner