CVE-2026-34621 is a prototype pollution vulnerability in Adobe Acrobat DC and Acrobat Reader DC that enables arbitrary code execution via malicious PDF delivery, with confirmed active exploitation dating to December 2025 — approximately four months before the emergency patch released April 12, 2026. Two source items cover this CVE: one provides detailed version scope (Acrobat DC and Reader DC 26.001.21367 and earlier, Acrobat 2024 24.001.30356 and earlier, Windows and macOS) with a CVSS base of 7.5 and priority score of 0.275; a second item reports it as critical with CVSS pending NVD publication under APSB26-43 — treat the higher severity characterization as unconfirmed pending NVD and APSB26-43 review. Immediate action required: apply the April 12 emergency patch across all endpoints, disable Acrobat JavaScript as a temporary control on systems pending patching, and review endpoint telemetry for Acrobat processes spawning shell or script interpreter child processes since December 2025.