Adobe Acrobat Reader is affected by CVE-2026-34621, a critical zero-day vulnerability (CVSS 9.6 per one source, 9.5 per vendor advisory APSB26-43) that has been actively exploited in the wild since at least December 2025 via malicious PDF files delivered through phishing. The vulnerability is a prototype pollution flaw (CWE-1321) enabling arbitrary code execution; two correlated items cover this single CVE from different intelligence sources, both flagged as flash priority. Organizations should apply the emergency patch from Adobe Security Bulletin APSB26-43 immediately, prioritizing systems handling sensitive data and externally reachable endpoints, and implement interim controls including blocking unsolicited PDF attachments at the email gateway and restricting Acrobat Reader from spawning shell or scripting child processes via EDR policy.