Prototype Pollution Vulnerability in Adobe Acrobat Reader
CVE-2026-34626

6.3MEDIUM

Key Information:

Vendor: Adobe
Status: Acrobat Reader
Vendor: CVE Published:; 14 April 2026

What is CVE-2026-34626?

Adobe Acrobat Reader is susceptible to a prototype pollution vulnerability that enables attackers to manipulate object prototype attributes. This flaw allows for arbitrary file system access in the context of the current user, requiring the victim to open a specially crafted malicious file. Users are advised to exercise caution and ensure they are using the latest version of the software to mitigate potential risks.

Affected Version(s)

Acrobat Reader 0 <= 26.001.21411

References

https://helpx.adobe.com/security/products/acrobat/apsb26-...

vendor-advisory

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Mar 30, 2026

CVE-2026-34626 Data

JSON