[KEV] CVE-2026-34621 -- CVSS 0.0 Vulnerability Briefing

[KEV] CVE-2026-34621 | CVSS 0.0 (Low) | Exploit: Operational

What Is It

CVE-2026-34621 is a prototype pollution vulnerability in Adobe Acrobat and Reader that enables arbitrary code execution on affected systems.

Technical Detail

Prototype pollution occurs when an attacker is able to inject or modify properties on a JavaScript object prototype, causing those properties to propagate across all objects derived from that prototype. In the context of Adobe Acrobat and Reader, a specially crafted PDF document could trigger this condition, allowing an attacker to corrupt application logic and achieve arbitrary code execution within the context of the affected process. The practical impact is full code execution at the privilege level of the user running the application, which in many enterprise environments means user-level access with potential for further lateral movement.

Exploitation Status

CISA has confirmed active exploitation in the wild, adding this CVE to the Known Exploited Vulnerabilities catalog on April 13, 2026. The exploit maturity is rated Operational, meaning a reliable, functional exploit exists and is being used in real-world attacks rather than existing only as a proof of concept. Organizations should treat this as an actively weaponized vulnerability requiring immediate remediation.

Who Is Targeting This

No specific threat actor attribution has been confirmed at this time. No campaign data, targeted sectors, or adversary identifiers are associated with this CVE in current intelligence reporting. This assessment may change as incident data is collected and analyzed.

What To Do

Apply the relevant Adobe security update for Acrobat and Reader immediately. Per CISA's Binding Operational Directive 22-01, federal civilian executive branch agencies are required to remediate this vulnerability by the deadline associated with the April 13, 2026 KEV listing. All organizations should treat this as a high-priority patch regardless of CVSS score, as the CVSS rating of 0.0 appears to be a data gap and does not reflect the confirmed active exploitation status. As an interim measure, consider restricting the opening of untrusted or externally sourced PDF files and disabling JavaScript execution within Acrobat and Reader through the application preferences if patching cannot be completed immediately. Monitor endpoint detection logs for anomalous process spawning from Acrobat or Reader processes as a potential indicator of exploitation.
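The process-spawn monitoring recommended above can be sketched as follows. This is an added example, not part of the original briefing or of any vendor tooling; it flags process-creation events where Acrobat or Reader is the parent and the child is outside an allowlist. The JSON field names (`host`, `parent_image`, `image`), the allowlist contents and the sample events are assumptions constructed for illustration; map them to your EDR's schema and baseline.

```python
import json
from pathlib import PureWindowsPath

# Parent images to watch: the Acrobat and Reader executables.
ADOBE_PARENTS = {"acrobat.exe", "acrord32.exe"}
# Assumption: helper processes these parents start in normal use. Tune per fleet.
EXPECTED_CHILDREN = ADOBE_PARENTS | {"acrocef.exe", "rdrcef.exe", "adobearm.exe"}


def image_name(path):
    """Lower-cased file name of a Windows image path ('' if missing)."""
    return PureWindowsPath(str(path or "")).name.lower()


def find_suspicious_spawns(lines):
    """Return events where Acrobat/Reader started a non-allowlisted child."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of aborting the scan
        if not isinstance(event, dict):
            continue
        parent = image_name(event.get("parent_image"))
        child = image_name(event.get("image"))
        if parent in ADOBE_PARENTS and child and child not in EXPECTED_CHILDREN:
            hits.append({"host": event.get("host"), "parent": parent, "child": child})
    return hits


# Constructed sample events (hosts and paths are made up for illustration).
SAMPLE_EVENTS = [json.dumps(e) for e in (
    {"host": "ws-01", "parent_image": r"C:\Apps\Adobe\Acrobat.exe",
     "image": r"C:\Apps\Adobe\AcroCEF.exe"},
    {"host": "ws-02", "parent_image": r"C:\Apps\Adobe\AcroRd32.exe",
     "image": r"C:\Windows\System32\cmd.exe"},
    {"host": "ws-03", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe"},
    {"host": "ws-04", "parent_image": r"C:\Apps\Adobe\ACROBAT.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
)] + ["{truncated record"]

if __name__ == "__main__":
    for hit in find_suspicious_spawns(SAMPLE_EVENTS):
        print(f"ALERT {hit['host']}: {hit['parent']} -> {hit['child']}")
```

Matching is on the image file name only, so a renamed binary would not match; pairing the rule with signer or hash fields from the same event closes that gap.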
