What is the CVSS score of CVE-2026-34621?

CVE-2026-34621 has a CVSS 3.1 base score of 8.6 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.2%.

Which versions of Prototype Pollution are affected by CVE-2026-34621?

Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier contain a critical prototype pollution vulnerability (CVSS 9.6) that enables unauthenticated remote code execution when users open…

Is there a public PoC exploit available for CVE-2026-34621?

Yes, a public proof-of-concept exploit is available for CVE-2026-34621. Prioritise patching immediately. EPSS: 0.2%.

Prototype Pollution CVE-2026-34621

EUVD-2026-21675 HIGH

Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) (CWE-1321)

2026-04-11 psirt@adobe.com

GHSA-vcqh-932g-m3qj

RCE Adobe Prototype Pollution

8.6

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Added to CISA KEV

Apr 13, 2026 - 18:02 CISA

Severity Changed

Apr 12, 2026 - 05:22 NVD

CRITICAL HIGH

CVSS changed

Apr 12, 2026 - 05:22 NVD

9.6 (CRITICAL) 8.6 (HIGH)

EUVD ID Assigned

Apr 11, 2026 - 07:25 euvd

EUVD-2026-21675

Analysis Generated

Apr 11, 2026 - 07:25 vuln.today

CVE Published

Apr 11, 2026 - 07:16 nvd

CRITICAL 9.6

DescriptionNVD

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

AnalysisAI

Prototype pollution in Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier enables arbitrary code execution in user context via malicious PDF files. Attack requires user interaction to open a crafted document. …

RemediationAI

Within 24 hours: Inventory all systems running Adobe Acrobat Reader versions 24.001.30356 or 26.001.21367 and earlier; disable PDF opening in email clients and restrict Adobe Reader to trusted document sources only. Within 7 days: Deploy endpoint controls blocking unsigned PDF execution; implement network segmentation isolating systems that require PDF processing; consider temporary use of alternative PDF viewers for non-critical workflows. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-34621 vulnerability details – vuln.today

Back

Prototype Pollution CVE-2026-34621

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code