Adobe Acrobat and Reader Prototype Pollution Vulnerability
Details
CVSS v3
9.6
NVD published
2026-04-11 07:16:03
CISA date
2026-04-13
EPSS
9.9% probability · 93.1th percentile — 2026-05-12
Affected versions
Adobe Acrobat Reader 24.001.30356, 26.001.21367 and earlier
Summary
This vulnerability is a prototype pollution flaw in Adobe Acrobat Reader that enables arbitrary code execution. Successful exploitation allows an attacker to run malicious code in the context of the current active user on the system. Exploitation requires the victim to open a specially crafted malicious PDF file.
Remediation
Update Adobe Acrobat Reader to the latest patched version provided by Adobe as soon as possible. Advise users to avoid opening PDF files received from untrusted or unknown sources to reduce exploitation risk.