Adobe Acrobat and Reader Prototype Pollution Vulnerability
Adobe Acrobat and Reader contain a prototype pollution vulnerability that allows for arbitrary code execution.
Quick answer
Adobe Acrobat and Reader should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.
Who is affected
Affected versions
- -
Fixed versions
- Apply the latest vendor-supported patched version.
How to fix it
Treat CVE-2026-34621 as an actively exploited Adobe Acrobat and Reader arbitrary code execution risk. Adobe's APSB26-43 bulletin says affected users should update immediately: Acrobat DC and Acrobat Reader DC Continuous should move to 26.001.21411 or later, and Acrobat 2024 Classic should move to 24.001.30362 on Windows or 24.001.30360 on macOS or later. Because exploitation requires opening a malicious file, prioritize endpoints and users that handle external PDFs, email attachments, browser downloads, support tickets, or shared document repositories.
- Inventory Adobe Acrobat DC, Acrobat Reader DC, and Acrobat 2024 installations across Windows and macOS endpoints.
- Identify Acrobat DC and Acrobat Reader DC Continuous versions 26.001.21367 and earlier as affected.
- Identify Acrobat 2024 Classic versions 24.001.30356 and earlier as affected.
- Update Acrobat DC and Acrobat Reader DC Continuous to 26.001.21411 or later using Help > Check for Updates, automatic update, enterprise deployment tooling, or the official Adobe installer.
- Update Acrobat 2024 Classic to 24.001.30362 or later on Windows and 24.001.30360 or later on macOS.
- For managed environments, deploy the Adobe update through the organization's normal endpoint management method such as GPO, SCCM, MDM, Apple Remote Desktop, SSH, or another approved package workflow.
- Until patching is complete, warn users not to open unexpected PDFs and apply extra controls for email attachments, web downloads, and document-sharing workflows.
- Review endpoint telemetry for suspicious PDF launches, Acrobat child processes, unexpected network activity, or alerts tied to malicious documents.
Scan now. Google sign-in is only needed to unlock fix guidance.
Verify the fix
- Confirm Acrobat DC and Acrobat Reader DC installations report version 26.001.21411 or later.
- Confirm Acrobat 2024 Classic reports version 24.001.30362 or later on Windows and 24.001.30360 or later on macOS.
- Confirm enterprise software inventory or MDM data shows the vulnerable versions have been removed from active endpoints.
- Open Acrobat or Reader and run Help > Check for Updates on a sample of managed endpoints to verify the update channel reports no pending security update.
- Run a Fixnx scan against public download, support, and document-upload surfaces after remediation to confirm related public exposure is understood.
Related categories
Trusted references
FAQ
What is affected by CVE-2026-34621?
Adobe Acrobat and Reader should be checked against the vendor advisory and trusted references linked on this page.
What should I fix first?
Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.
How do I confirm the fix worked?
Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.
Why can this risk appear in multiple categories?
A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.
