Is Prototype Pollution affected by EUVD-2026-21675?

Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier contain a critical prototype pollution vulnerability (CVSS 9.6) that enables unauthenticated remote code execution when users open malicious PDF files.

EUVD-2026-21675

| CVE-2026-34621 HIGH

2026-04-11 [email protected]

GHSA-vcqh-932g-m3qj

8.6

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Severity Changed

Apr 12, 2026 - 05:22 NVD

CRITICAL HIGH

CVSS Changed

Apr 12, 2026 - 05:22 NVD

9.6 (CRITICAL) 8.6 (HIGH)

EUVD ID Assigned

Apr 11, 2026 - 07:25 euvd

EUVD-2026-21675

Analysis Generated

Apr 11, 2026 - 07:25 vuln.today

CVE Published

Apr 11, 2026 - 07:16 nvd

CRITICAL 9.6

Description

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Analysis

Prototype pollution in Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier enables arbitrary code execution in user context via malicious PDF files. Attack requires user interaction to open a crafted document. …

Remediation

Within 24 hours: Inventory all systems running Adobe Acrobat Reader versions 24.001.30356 or 26.001.21367 and earlier; disable PDF opening in email clients and restrict Adobe Reader to trusted document sources only. Within 7 days: Deploy endpoint controls blocking unsigned PDF execution; implement network segmentation isolating systems that require PDF processing; consider temporary use of alternative PDF viewers for non-critical workflows. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.2

CVSS: +43

POC: +20

EUVD-2026-21675 vulnerability details – vuln.today

Back

EUVD-2026-21675

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-21675

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code