CVE-2026-34621
Description
CVE-2026-34621 is a high-severity prototype pollution flaw in Adobe Acrobat and Reader that allows arbitrary code execution via malicious files.
CPE
| Product | Version Start | Version End (excl.) | Status |
|---|---|---|---|
| acrobat_dc | * | 26.001.21411 | vulnerable |
| acrobat_reader_dc | * | 26.001.21411 | vulnerable |
| macos | - | - | unaffected |
| windows | - | - | unaffected |
| acrobat | 24.0.0 | 24.001.30362 | vulnerable |
| windows | - | - | unaffected |
| acrobat | 24.0.0 | 24.001.30360 | vulnerable |
| macos | - | - | unaffected |
Related weakness (CWE)
Remediation plan
Apply official patches
Immediately deploy the security updates provided by Adobe in security bulletin APSB26-43. These patches specifically address the Improperly Controlled Modification of Object Prototype Attributes.
Update affected systems
Ensure Adobe Acrobat DC and Reader DC are updated to version 26.001.21411 or later. For Acrobat 2024, ensure systems are running at least version 24.001.30362 on Windows or 24.001.30360 on macOS.
Restrict access
Enable 'Protected Mode' and 'Enhanced Security' settings within Adobe Acrobat and Reader to sandbox the application. Additionally, use email security gateways to block or scan suspicious PDF attachments from untrusted external sources.
Monitor for exploitation
Use Endpoint Detection and Response (EDR) tools to monitor for suspicious child processes spawned by Acrobat.exe, such as cmd.exe or powershell.exe, which may indicate successful arbitrary code execution.
Detection Guidance
To detect potential exploitation of CVE-2026-34621, monitor endpoint logs for Adobe Acrobat or Reader spawning unexpected shell processes or making unusual outbound network connections. Look for crash logs associated with Acrobat's JavaScript engine. Security teams should also use vulnerability scanners to identify any instances of Acrobat DC or Reader DC older than version 26.001.21411, as these remain high-risk targets for this actively exploited vulnerability.