CVE-2026-34626 — Prototype Pollution in Adobe Acrobat Reader

CWE-1321 — Prototype Pollution3 documents3 sources
Severity
6.3MEDIUMNVD
EPSS
0.0%
top 91.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Acrobat Reader
Timeline
PublishedApr 14

Description

Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary file system read in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:NExploitability: 1.8 | Impact: 4.0

Affected Packages1 packages

â–¶CVEListV5adobe/acrobat_reader26.001.21411

🔴Vulnerability Details

2
CVEList
Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)↗2026-04-14
â–¶
GHSA
GHSA-m5xm-mx43-q65f: Acrobat Reader versions 26↗2026-04-14
â–¶
CVE-2026-34626 — Prototype Pollution in Adobe | cvebase