"The vulnerability, assigned the CVE identifier CVE-2026-34621, carries a CVSS score of 9.6 out of 10.0. Successful exploitation of the flaw could allow an attacker to run malicious code on affected installations."
"Prototype pollution refers to a JavaScript security vulnerability that permits an attacker to manipulate an application's objects and properties."
"Adobe acknowledged that it's 'aware of CVE-2026-34621 being exploited in the wild.'"
"'It appears that Adobe has determined the bug can lead to arbitrary code execution - not just an information leak,' EXPMON said in a post on X."
Adobe has issued emergency updates to address a critical security vulnerability in Acrobat Reader, identified as CVE-2026-34621, with a CVSS score of 9.6. This flaw allows attackers to execute malicious code on affected systems through prototype pollution, a JavaScript vulnerability. The issue affects specific versions of Acrobat DC and Acrobat Reader DC for both Windows and macOS. Adobe confirmed awareness of the exploitation in the wild, with indications that the vulnerability has been exploited since December 2025.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]