Vulnerability detail

Enriched intelligence for a single CVE

PRO Back to KEVs

8.6

CVSS
High

CVE-2026-34621

PUBLISHED

Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)

1 day faster than CISA KEV

Exploited in the wild Low complexity

Vendor: Adobe
Product: Acrobat Reader
Published: Apr 11, 2026
EPSS: 11.0% · 94% pctl

Automate this intelligence with the Pro API

Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot data — is available programmatically for VM, SOC, and CTI workflows.

Learn about Pro

Description

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

cisa

Weaknesses (CWE)

CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSS scores

CVSS v3.1 8.6 High

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2026-06-01 13:07:13 UTC · CVE

References

https://helpx.adobe.com/security/products/acrobat/apsb26-43.html

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CVE First	2026-06-01 13:07 UTC
CISA	2026-06-02 14:02 UTC

Timeline

CVE ID Reserved

2026-03-30 17:30 UTC
CVE Published to Public

2026-04-11 06:45 UTC
Added to KEVIntel

2026-06-01 13:07 UTC
KEV confirmed by CISA

2026-06-02 14:02 UTC