CVE-2026-34621: Adobe Acrobat And Reader

What is CVE-2026-34621?

Adobe Acrobat and Reader contain a prototype pollution vulnerability that allows for arbitrary code execution.

CVSS8.6 NVD 3.1

SeverityHIGH

Exploitation In the wild In CISA KEV

Triage statusActive Exploit

ActionPatch immediately

CVSS vectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA Known Exploited Vulnerability

Adobe Acrobat and Reader Prototype Pollution Vulnerability

Added to KEV2026-04-13

Federal patch deadline2026-04-27

Known ransomware useUnknown

Affected product

Adobe Acrobat And Reader

Remediation Steps

Deploy Adobe Acrobat Reader emergency patch released April 2026 to all endpoints
Implement application control to block execution of unpatched Reader versions
Disable JavaScript execution in Adobe Reader as temporary mitigation if patching delayed
Monitor for exploitation attempts using EDR/XDR tools with CVE-2026-34621 signatures
Educate users against opening untrusted PDF attachments

References

Coverage on defend.network

Vulnerability Priority Report – Week 2 of April 2026 (April 13 – 19)
Adobe Reader zero-day; CPUID STX RAT supply-chain; Iran hits 4,000 ICS (2026-04-13)

🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.