Which versions of Adobe Acrobat Reader are affected by CVE-2026-34621?

Versions 24.001.30356, 26.001.21367, and earlier of Adobe Acrobat Reader are affected by this vulnerability.

How can users protect themselves from CVE-2026-34621?

Users should update Adobe Acrobat Reader to the latest version as per Adobe's security bulletin APSB26-43 and avoid opening PDF files from untrusted sources.

Adobe Acrobat Reader CVE-2026-34621: Critical Prototype Pollution Vulnerability

Discover the details of the critical CVE-2026-34621 vulnerability in Adobe Acrobat Reader, its impact, and the importance of timely patching to safeguard your systems.

Published: April 12, 2026

Share this on:

Executive Summary

In April 2026, Adobe released emergency updates to address a critical vulnerability (CVE-2026-34621) in Acrobat Reader, which had been actively exploited since at least December 2025. This 'Prototype Pollution' flaw allowed attackers to execute arbitrary code on affected systems when users opened malicious PDF files. The vulnerability impacted versions 24.001.30356, 26.001.21367, and earlier, across both Windows and macOS platforms. Successful exploitation could lead to full system compromise, including data theft and unauthorized control over the device.

The incident underscores the persistent threat posed by zero-day vulnerabilities and the importance of timely software updates. Organizations are reminded to maintain robust patch management practices and to exercise caution when handling unsolicited documents, especially those received via email or social channels.

Why This Matters Now

The active exploitation of CVE-2026-34621 highlights the critical need for organizations to promptly apply security patches and remain vigilant against sophisticated attack vectors that leverage common file formats like PDFs.

Attack Path Analysis

An attacker exploited a prototype pollution vulnerability in Adobe Acrobat Reader by sending a malicious PDF to a user, leading to arbitrary code execution upon opening. The attacker then escalated privileges to gain higher-level access, moved laterally within the network to identify and access sensitive data, established a command and control channel to exfiltrate data, and ultimately caused significant operational disruption.

Kill Chain Progression

Initial Compromise

High

Privilege Escalation

Mediuminferred

Lateral Movement

Mediuminferred

Command & Control

Mediuminferred

Exfiltration

Mediuminferred

Impact

Mediuminferred

Initial Compromise

Description

The attacker sends a malicious PDF exploiting CVE-2026-34621 to a user, leading to arbitrary code execution upon opening.

Confidence:

High

Related CVEs

Included CVEs with severity scores, affected products, exploit status, and reference links.

CVE-2026-34621
CVSS 8.6
A critical vulnerability in Adobe Acrobat and Reader allows arbitrary code execution.
Affected Products:
Adobe Acrobat DC – 26.001.21367 and earlier
Adobe Acrobat Reader DC – 26.001.21367 and earlier
Adobe Acrobat 2024 – 24.001.30356 and earlier
Exploit Status:
exploited in the wild
References:
https://helpx.adobe.com/security/products/acrobat/apsb26-43.html

MITRE ATT&CK® Techniques

Execution

T1203

Exploitation for Client Execution

Initial Access

T1566.001

Spearphishing Attachment

Execution

T1059.007

JavaScript

Execution

T1204.002

Malicious File

Persistence

T1546.015

Event Triggered Execution: Component Object Model Hijacking

Defense Evasion

T1574.002

Hijack Execution Flow: DLL Side-Loading

Potential Compliance Exposure

Mapping incident impact across multiple compliance frameworks.

PCI DSS 4.0 – Ensure all system components are protected from known vulnerabilities

Control ID: 6.2

The exploitation of CVE-2026-34621 indicates a failure to promptly apply security patches, exposing systems to known vulnerabilities.

NYDFS 23 NYCRR 500 – Cybersecurity Policy

Control ID: 500.03

The incident suggests inadequacies in the organization's cybersecurity policy regarding vulnerability management and patching procedures.

DORA – ICT Risk Management Framework

Control ID: Article 5

The breach highlights deficiencies in the ICT risk management framework, particularly in identifying and mitigating software vulnerabilities.

CISA ZTMM 2.0 – Asset Management

Control ID: 3.1

The attack underscores the need for comprehensive asset management to ensure all software components are up-to-date and secure.

NIS2 Directive – Cybersecurity Risk Management Measures

Control ID: Article 21

The exploitation of a known vulnerability reflects a lapse in implementing effective cybersecurity risk management measures.

Sector Implications

Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.

Financial Services

Critical Adobe Acrobat Reader vulnerability CVE-2026-34621 poses severe risk given extensive PDF usage for contracts, statements, and regulatory documents requiring immediate patching.

Legal Services

Active exploitation of Adobe Reader flaw threatens confidential legal documents and client communications, demanding urgent security updates and enhanced document handling protocols.

Government Administration

Government agencies face high risk from CVE-2026-34621 exploitation due to heavy PDF reliance for official documents, policy distribution, and citizen services.

Health Care / Life Sciences

Healthcare organizations must prioritize Adobe Reader patching as malicious code execution could compromise HIPAA-protected patient records and critical medical documentation systems.

Sources

Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621https://thehackernews.com/2026/04/adobe-patches-actively-exploited.html
Verified

Adobe Security Bulletin APSB26-43https://helpx.adobe.com/security/products/acrobat/apsb26-43.html

Verified

Frequently Asked Questions

CVE-2026-34621 is a critical 'Prototype Pollution' vulnerability in Adobe Acrobat Reader that allows attackers to execute arbitrary code when a user opens a malicious PDF file.

Cloud Native Security Fabric Mitigations and ControlsCNSF

Aviatrix Zero Trust CNSF is pertinent to this incident as it could likely limit the attacker's ability to escalate privileges, move laterally, and exfiltrate data by enforcing strict segmentation and identity-aware routing.

Initial Compromise

Control: Cloud Native Security Fabric (CNSF)

Mitigation: While Aviatrix Zero Trust CNSF may not prevent the initial execution of malicious code via user interaction, it could likely limit the attacker's subsequent network access, reducing the potential for further exploitation.

Privilege Escalation

Control: Zero Trust Segmentation

Mitigation: Aviatrix Zero Trust Segmentation could likely limit the attacker's ability to escalate privileges by enforcing strict access controls, thereby reducing the scope of accessible resources.

Lateral Movement

Control: East-West Traffic Security

Mitigation: Aviatrix East-West Traffic Security could likely limit the attacker's lateral movement by enforcing strict segmentation policies, thereby reducing the reachability of other workloads.

Command & Control

Control: Multicloud Visibility & Control

Mitigation: Aviatrix Multicloud Visibility & Control could likely limit the establishment of command and control channels by providing comprehensive monitoring and control over network traffic, thereby reducing unauthorized outbound communications.

Exfiltration

Control: Egress Security & Policy Enforcement

Mitigation: Aviatrix Egress Security & Policy Enforcement could likely limit data exfiltration by enforcing strict outbound traffic policies, thereby reducing unauthorized data transfers.

Impact (Mitigations)

While Aviatrix Zero Trust CNSF may not prevent the initial compromise, it could likely limit the attacker's ability to cause widespread operational disruption by constraining lateral movement and unauthorized access.

Impact at a Glance

Affected Business Functions

Document Management
E-signature Processing

Operational Disruption

Estimated downtime: 3 days

Financial Impact

Estimated loss: $50,000

Data Exposure

Potential exposure of sensitive documents processed through Acrobat and Reader.

Recommended Actions

• Implement Zero Trust Segmentation to limit lateral movement within the network.
• Deploy East-West Traffic Security controls to monitor and restrict internal traffic flows.
• Utilize Egress Security & Policy Enforcement to control outbound traffic and prevent data exfiltration.
• Enhance Threat Detection & Anomaly Response capabilities to identify and respond to suspicious activities.
• Regularly update and patch software to mitigate known vulnerabilities like CVE-2026-34621.

Secure the Paths Between Cloud Workloads

A cloud-native security fabric that enforces Zero Trust across workload communication—reducing attack paths, compliance risk, and operational complexity.

Stop Advanced Threats Get a Free Workload Attack Path Assessment Under Active Attack?

Adobe Acrobat Reader CVE-2026-34621: Critical Prototype Pollution Vulnerability

Executive Summary

Why This Matters Now

Attack Path Analysis

Kill Chain Progression

Initial Compromise

Description

Related CVEs

CVE-2026-34621

Affected Products:

Exploit Status:

References:

MITRE ATT&CK® Techniques

Exploitation for Client Execution

Spearphishing Attachment

JavaScript

Malicious File

Event Triggered Execution: Component Object Model Hijacking

Hijack Execution Flow: DLL Side-Loading

Potential Compliance Exposure

PCI DSS 4.0 – Ensure all system components are protected from known vulnerabilities

NYDFS 23 NYCRR 500 – Cybersecurity Policy

DORA – ICT Risk Management Framework

CISA ZTMM 2.0 – Asset Management

NIS2 Directive – Cybersecurity Risk Management Measures

Sector Implications

Financial Services

Legal Services

Government Administration

Health Care / Life Sciences

Sources

Frequently Asked Questions

Cloud Native Security Fabric Mitigations and ControlsCNSF

Impact at a Glance

Affected Business Functions

Recommended Actions

Key Takeaways & Next Steps

Secure the Paths Between Cloud Workloads