Acrobat Reader <=26.0 Prototype Pollution Arbitrary FS Read
CVE-2026-34626 Published on April 14, 2026
Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)
Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary file system read in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Vulnerability Analysis
CVE-2026-34626 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
What is a Prototype Pollution Vulnerability?
The software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
CVE-2026-34626 has been classified to as a Prototype Pollution vulnerability or weakness.
Products Associated with CVE-2026-34626
stack.watch emails you whenever new vulnerabilities are published in Adobe Acrobat or Adobe Reader. Just hit a watch button to start following.
Affected Versions
Adobe Acrobat Reader:- Before and including 26.001.21411 is affected.