CVE-2026-34621: Prototype Pollution to Arbitrary Code Execution in Adobe Acrobat EScript Engine

CVE-2026-34621 resides within the EScript engine of Adobe Acrobat and Reader. This component evaluates and executes JavaScript embedded within PDF documents. Document-level JavaScript operates within a restricted sandbox to prevent malicious actions on the host system.

The core vulnerability is classified as Improperly Controlled Modification of Object Prototype Attributes (CWE-1321), commonly known as Prototype Pollution. The flaw manifests in how the EScript engine parses user-controlled objects and passes them to internal native bridge functions. These functions govern the Acrobat Trust Model.

By carefully crafting a PDF document, an attacker can modify the global Object.prototype. This modification injects malicious properties that inherit across all JavaScript objects instantiated within the engine. The resulting pollution allows the attacker to deceive the trust validation logic.

Successfully bypassing the trust validation grants document-level scripts access to privileged APIs. These APIs include functions capable of interacting with the local filesystem and network. The ultimate impact is local file disclosure and arbitrary code execution in the context of the current user.

The Acrobat Trust Model relies on specific JavaScript object properties to verify whether a function execution context is authorized to invoke privileged APIs. Native bridge helpers, such as app.beginPriv and app.trustedFunction, validate these properties before granting access.

Because the validation routine dynamically checks for the presence and value of trust indicator properties on the execution object, it is vulnerable to prototype chain traversal. If the execution object does not define a requested property, the JavaScript engine traverses up the prototype chain to resolve it.

An attacker achieves prototype pollution by writing to the __proto__ or constructor.prototype properties of a standard JavaScript object within the PDF script. When the attacker sets a trust-indicating key on the global prototype, all subsequent object validations inherit this manipulated state.

The native C++ implementation of the EScript bridge queries the V8/SpiderMonkey engine context for these keys without enforcing an own-property check. Consequently, the native code reads the polluted value from the global prototype, incorrectly determining that the calling context possesses administrative or trusted privileges.

The vulnerability relies on the structural interface between the JavaScript runtime and the native Acrobat API bindings. When a script calls a privileged function, the engine constructs a context object to evaluate authorization.

The vulnerable implementation performs a naive property lookup. It evaluates contextObject[trustedKey] without verifying if the key belongs directly to the contextObject.

// Conceptual representation of the vulnerable bridge logic
function checkTrustContext(executionCtx) {
    // Vulnerable: Reads from the prototype chain if 'isTrusted' is undefined on executionCtx
    if (executionCtx.isTrusted === true) {
        grantPrivilege();
    } else {
        denyPrivilege();
    }
}
 
// Attacker pollutes the prototype
Object.prototype.isTrusted = true;
 
// A newly created context inherits the polluted property
let currentContext = {};
checkTrustContext(currentContext); // Bypasses validation

The patched implementation mitigates this by enforcing strict prototype boundaries during context evaluation. Native handlers now use dictionary objects devoid of prototypes, or they explicitly invoke property-ownership checks before evaluating trust indicators.

// Conceptual representation of the patched bridge logic
function checkTrustContext(executionCtx) {
    // Patched: Enforces own-property validation
    if (Object.prototype.hasOwnProperty.call(executionCtx, 'isTrusted') && executionCtx.isTrusted === true) {
        grantPrivilege();
    } else {
        denyPrivilege();
    }
}

Alternatively, Adobe developers initialized internal trust objects using Object.create(null). This approach entirely severs the prototype chain for sensitive configuration objects, ensuring that global pollution cannot influence internal state logic.

Exploitation of CVE-2026-34621 requires user interaction to open a malicious PDF file. Once the file is rendered, the embedded EScript payload executes automatically. Attackers execute a documented three-stage chain to achieve system compromise.

In the first stage, the script pollutes the Object.prototype to manipulate the context evaluated by app.trustedFunction. The attacker then registers a custom, malicious function as a trusted entity within the Acrobat environment. This effectively elevates the privilege level of the payload.

In the second stage, the attacker leverages the newly acquired trusted status to invoke util.readFileIntoStream(). This specific API allows the script to specify exact file paths on the local host. Active exploits target SSH keys, browser profile databases, and local application credentials.

In the final stage, the payload utilizes the RSS.addFeed() API to exfiltrate the collected data. This function initiates network communication from the Acrobat.exe process to an attacker-controlled endpoint. Network defenses often overlook this traffic due to the legitimate nature of the Acrobat binary.

The vulnerability carries a CVSS 3.1 base score of 8.6, reflecting the severity of the privilege boundary failure. The Scope metric evaluates to Changed (S:C) because the exploit breaks out of the Acrobat JavaScript sandbox to affect the host operating system.

Confidentiality, Integrity, and Availability impacts are all rated High. The attacker gains the ability to read arbitrary files, manipulate local system configurations via dropped executables, and disrupt system operations. Code execution occurs under the privileges of the user running Acrobat.

Exploitation telemetry confirms that this vulnerability operated as a zero-day since at least December 2025. Advanced persistent threat (APT) groups integrated the exploit into targeted spear-phishing campaigns. The maturity of the exploit chain indicates a deep understanding of Adobe internal API structures.

The inclusion of this vulnerability in the CISA Known Exploited Vulnerabilities (KEV) catalog mandates rapid remediation for federal agencies. The high EPSS score (90.77th percentile) corroborates the widespread availability and high probability of continued exploitation attempts against unpatched endpoints.

Organizations must immediately deploy the patches specified in Adobe Security Bulletin APSB26-43. The fixed versions are 26.001.21411 for continuous tracks and 24.001.30362 for classic tracks. These updates implement the necessary prototype ownership validations within the EScript bridge.

If immediate patching is unfeasible, administrators must disable Adobe Acrobat JavaScript execution globally. This action neutralizes the attack vector entirely, as the exploit relies on the EScript engine to pollute the environment. Users can apply this setting via the application preferences menu.

For enterprise environments, security teams should enforce JavaScript disabling via Group Policy Objects (GPO) or mobile device management solutions like Microsoft Intune. Modifying the registry key [HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\JSPrefs] to set bEnableJS to 0 scales this mitigation across Windows domains.

Security operations centers should deploy YARA and Nuclei detection rules to identify malicious PDF documents containing obfuscated references to __proto__ and app.beginPriv. Endpoint detection systems must monitor Acrobat.exe and AcroRd32.exe for anomalous file reads in user profile directories.