Detections
Analytics
CVE-2026-34621
high
Description
Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
https://thehackernews.com/2026/04/april-patch-tuesday-fixes-critical.html
https://www.securityweek.com/adobe-patches-55-vulnerabilities-across-11-products/
https://www.theregister.com/2026/04/13/ransomware_gang_other_crims_attacking/
https://www.helpnetsecurity.com/2026/04/13/adobe-acrobat-reader-cve-2026-34621-emergency-fix/
https://www.darkreading.com/application-security/adobe-patches-actively-exploited-zero-day
https://www.securityweek.com/adobe-patches-reader-zero-day-exploited-for-months/
https://thehackernews.com/2026/04/adobe-patches-actively-exploited.html
https://www.theregister.com/2026/04/09/monthsold_adobe_reader_zeroday_uses/
https://thehackernews.com/2026/04/adobe-reader-zero-day-exploited-via.html
https://hackread.com/adobe-reader-zero-day-exploit-data-malicious-pdfs/
https://justhaifei1.blogspot.com/2026/04/expmon-detected-sophisticated-zero-day-adobe-reader.html
Details
Published: 2026-04-11
Updated: 2026-04-13
Known Exploited Vulnerability (KEV)
Risk Information
CVSS v2
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Severity: Critical
CVSS v3
Base Score: 8.6
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Severity: High
EPSS
EPSS: 0.00235
Vulnerability Watch
Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.
Vulnerability of Interest