Primary

Context

Adobe Acrobat and Reader Improper Prototype Pollution Vulnerability Allowing Arbitrary File System Read

Vulnerability

Patched

A prototype pollution vulnerability has been identified in Adobe Acrobat and Acrobat Reader versions through 26.001.21411, as well as in Acrobat 2024 versions through 24.001.30362 on Windows and macOS. This vulnerability could lead to arbitrary file system read in the context of the current user. Exploitation requires user interaction, as a victim must open a malicious file.

Impact

Exploitation of this vulnerability could result in unauthorized access to the user's file system, allowing for the reading of arbitrary files.

Remediation

Users are advised to update to the latest versions of Adobe Acrobat or Acrobat Reader. The latest versions can be downloaded from the Adobe website or via the Adobe Update mechanism. For IT administrators, update instructions are available in the release notes for each product.

Added: Apr 14, 2026, 11:11 PM

Updated: Apr 14, 2026, 11:11 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.6

exploitability

4.2

remediation

7.7

relevance

5.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.6

exploitability

4.2

remediation

7.7

relevance

5.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Adobe Acrobat and Reader Improper Prototype Pollution Vulnerability Allowing Arbitrary File System Read

Vulnerability

Impact

Remediation

Affected Products

Adobe Acrobat Reader DC

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating