SecuriTricks - CVE-2026-34622

Description

Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Product(s) Impacted

Vendor	Product	Versions
Adobe	Acrobat Reader	26.001.21411, 24.001.30360, 24.001.30362, <24.001.30360

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	adobe	acrobat_reader	26.001.21411	/	/	/	/	/	/	/
a	adobe	acrobat_reader	24.001.30360	/	/	/	/	/	/	/
a	adobe	acrobat_reader	24.001.30362	/	/	/	/	/	/	/
a	adobe	acrobat_reader	<24.001.30360	/	/	/	/	/	/	/

References

https://helpx.adobe.com/security/products/acrobat/apsb26-44.html

CVSS Score

8.6 / 10

CVSS Data - 3.1

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

View Vector String

Timeline

Published: April 14, 2026, 5:16 p.m.
Last Modified: April 15, 2026, 4:14 p.m.

Status : Undergoing Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

CVE-2026-34622