A remote code execution vulnerability (CVE-2026-34621, CVSS 8.6 HIGH) in Adobe Acrobat and Reader, caused by an Improperly Controlled Modification of Object Prototype Attributes, is being actively exploited. Affected versions are Acrobat/Reader DC 26.001.21367 and earlier, and Acrobat 2024 versions 24.001.30356 and earlier on Windows and macOS. The solution is to update to Acrobat/Reader DC 26.001.21411 or later, Acrobat 2024 for macOS 24.001.30360 or later, or Acrobat 2024 for Windows 24.001.30362 or later.
A vulnerability was identified in Adobe Acrobat. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system. Note: CVE-2026-34621 is being exploited in the wild. It was affected by an Improperly Controlled Modification of Object Prototype... Impact Remote Code Execution System / Technologies affected Acrobat DC: version 26.001.21367 and earlier Acrobat Reader DC: version 26.001.21367 and earlier Acrobat 2024: version 24.001.30356 and earlier Solutions Before installation of the software, please visit the software manufacturer web-site for more details. Update to: Acrobat DC: version 26.001.21411 or later Acrobat Reader DC: version 26.001.21411 or later Acrobat 2024 (for macOS): version 24.001.30360 or later Acrobat 2024 (for Windows): version 24.001.30362 or later