Adobe Acrobat Reader: Malicious File Access via User Action

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.3

Adobe Acrobat Reader: Malicious File Access via User Action

CVE-2026-34626

Summary

Adobe Acrobat Reader versions 26.001.21411 and earlier have a security flaw that could allow a malicious file to access your computer's files without your knowledge. This happens when you open a suspicious file, and it's fixed by updating to the latest version. Update your software to protect your files.

Original title

Original description

Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary file system read in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

nvd CVSS3.1 6.3

Vulnerability type

CWE-1321 Prototype Pollution

https://helpx.adobe.com/security/products/acrobat/apsb26-44.html

Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026