Acrobat Reader <26.001.21411 Prototype Pollution Code Exec
CVE-2026-34622 Published on April 14, 2026
Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)
Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Vulnerability Analysis
CVE-2026-34622 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is a Prototype Pollution Vulnerability?
The software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
CVE-2026-34622 has been classified to as a Prototype Pollution vulnerability or weakness.
Products Associated with CVE-2026-34622
stack.watch emails you whenever new vulnerabilities are published in Adobe Acrobat or Adobe Reader. Just hit a watch button to start following.
Affected Versions
Adobe Acrobat Reader:- Before and including 26.001.21411 is affected.