COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-34621

CVE-2026-34621

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-04-13
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-34621
⚡ RCE ⌖ exploited in the wild shame 85/100 rceexploited-in-wildransomwaresupply-chainunpatched

Adobe Acrobat and Reader are actively exploited for arbitrary code execution via prototype pollution.

This prototype pollution vulnerability enables remote code execution in Adobe Acrobat and Reader, which are widely deployed in defense environments. DIB organizations must immediately patch and audit their Acrobat installations to prevent ransomware or espionage entry points.

Shame score — Active exploitation of a high-severity RCE vulnerability in a ubiquitous DIB tool indicates a critical security gap.

Players implicated

Adobe · vendorAcrobat and Reader · product

Description

Adobe Acrobat and Reader contain a prototype pollution vulnerability that allows for arbitrary code execution.

Affected FedRAMP products 8 in the catalog

ProductProviderStatusMatch
Adobe Acrobat Sign for Government Adobe Authorized vendor-exact · 0.90
Adobe Analytics Adobe Authorized vendor-exact · 0.90
Adobe Campaign Adobe Authorized vendor-exact · 0.90
Adobe Connect Managed Services (ACMS-GC) Adobe Authorized vendor-exact · 0.90
Adobe Creative Cloud for Enterprise Adobe Authorized vendor-exact · 0.90
Adobe Document Cloud (PDF Services & Adobe Sign) Adobe Authorized vendor-exact · 0.90
Adobe Experience Manager Managed Services (AEMMS-GC) Adobe Authorized vendor-exact · 0.90
Adobe Learning Manager Adobe Authorized vendor-exact · 0.90