Key Findings Adobe released emergency patches for CVE-2026-34621, a critical vulnerability in Acrobat Reader actively exploited in the wild The flaw has a CVSS score of 8.6 and allows arbitrary code execution through prototype pollution in JavaScript Evidence suggests exploitation has been occurring since at least December 2025 Security researcher Haifei Li discovered the vulnerability being used to deliver malicious JavaScript via crafted PDFs Affected versions include Acrob
