A recently disclosed high‑severity vulnerability in Adobe Acrobat and Acrobat Reader (°ä³Õ·¡â€‘2026‑34621) allows attackers to execute arbitrary code on affected systems by tricking users into opening a specially crafted PDF file. Severity level: CVSS Score: 8.6/High Description: Adobe Acrobat and Acrobat Reader contain an improperly controlled modification of object prototype attributes (Prototype Pollution) vulnerability. The flaw exists in the handling of JavaScript objects within PDF documents. In vulnerable versions, opening a maliciously crafted PDF allows an attacker to manipulate JavaScript object prototypes and invoke privileged APIs. This can result in arbitrary code execution in the context of the current user. Affected Versions: Acrobat DC: 26.001.21367 and earlier. Acrobat Reader DC: 26.001.21367 and earlier. Acrobat 2024: 24.001.30356 and earlier. Platforms: Windows and macOS. Impact: Successful exploitation may result in arbitrary code execution on the affected system. Resolution: Adobe strongly recommends immediately upgrading to the latest patched versions:
Acrobat DC / Acrobat Reader DC: 26.001.21411 or later. Acrobat 2024: Windows: 24.001.30362 or later and macOS: 24.001.30360 or later. Reference:
