By: RedLegg's Cyber Threat Intelligence Team
About:
CVE-2026-34621 is a high-severity vulnerability in Adobe Acrobat and Acrobat Reader caused by improper control of object prototype attributes. The flaw allows attackers to manipulate how objects are handled within the application, potentially leading to arbitrary code execution.
An attacker can exploit this vulnerability by delivering a specially crafted malicious file and convincing a user to open it. Once triggered, the attacker-controlled code executes in the context of the current user, potentially enabling system compromise.
This vulnerability is confirmed to be actively exploited in the wild.
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES
Remote Code Execution Vulnerability in Adobe Acrobat and Acrobat Reader
Identifier: CVE-2026-34621
CVSS Score: 8.6 (High, CVSS v3.1)
PoC or Exploitation:
Adobe has confirmed that CVE-2026-34621 is being actively exploited in the wild.
Update/Patch:
Affected versions:
- Acrobat DC 26.001.21367 and earlier
- Acrobat Reader DC 26.001.21367 and earlier
- Acrobat 2024 version 24.001.30356 and earlier
Updated versions:
- Acrobat DC 26.001.21411
- Acrobat Reader DC 26.001.21411
- Acrobat 2024 version 24.001.30362 for Windows
- Acrobat 2024 version 24.001.30360 for macOS
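To triage an asset inventory against the builds listed above, the following added example (not RedLegg's or Adobe's code) compares installed versions numerically and flags builds that fall between the last affected and first updated release as indeterminate. It assumes the "and earlier" entries are the affected builds and the remaining entries are the updated ones; the host names and inventory rows are constructed.

```python
import re

# Builds taken from the list above. Assumption: "and earlier" = affected,
# the other entries = updated releases. "*" means no platform was specified.
BUILDS = {
    "acrobat dc": {"affected_max": "26.001.21367", "fixed": {"*": "26.001.21411"}},
    "acrobat reader dc": {"affected_max": "26.001.21367", "fixed": {"*": "26.001.21411"}},
    "acrobat 2024": {"affected_max": "24.001.30356",
                     "fixed": {"windows": "24.001.30362", "macos": "24.001.30360"}},
}

def parse_version(text):
    """Turn 'NN.NNN.NNNNN' into a tuple of ints so comparison is numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+\.\d+\.\d+", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in text.split("."))

def triage(product, version, platform):
    """Return 'vulnerable', 'patched', 'indeterminate' or 'unknown-product'."""
    entry = BUILDS.get(product.strip().lower())
    if entry is None:
        return "unknown-product"
    installed = parse_version(version)
    if installed <= parse_version(entry["affected_max"]):
        return "vulnerable"
    fixed = entry["fixed"].get(platform.strip().lower(), entry["fixed"].get("*"))
    if fixed is not None and installed >= parse_version(fixed):
        return "patched"
    # Between the last affected and first updated build, or no updated
    # build listed for this platform: needs manual review.
    return "indeterminate"

# Constructed sample inventory: (host, product, version, platform)
INVENTORY = [
    ("ws-001", "Acrobat Reader DC", "26.001.21367", "windows"),
    ("ws-002", "Acrobat DC", "26.001.21411", "windows"),
    ("mac-01", "Acrobat 2024", "24.001.30360", "macos"),
    ("ws-003", "Acrobat 2024", "24.001.30360", "windows"),
]

def report(rows):
    """Map each inventory row to (host, status)."""
    return [(host, triage(prod, ver, plat)) for host, prod, ver, plat in rows]

if __name__ == "__main__":
    for host, status in report(INVENTORY):
        print(f"{host}: {status}")
```

Hosts reported as vulnerable or indeterminate are the ones to prioritize for the out-of-band update.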
Mitigation Recommendation: