Does CVE-2026-34621 affect or is exploitable within the Datalogics APDFL?

CVE-2026-34621 is a vulnerability identified in Adobe Acrobat Reader versions 24.001.30356, 26.001.21367, and earlier. It is classified as an improperly controlled modification of object prototype attributes, commonly referred to as a prototype pollution vulnerability.

If exploited, this issue could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction, specifically that the user opens a specially crafted malicious file.

This vulnerability originates within the Acrobat-PDFL JavaScript SDK, particularly within functionality documented in the Acrobat JavaScript API.
https://opensource.adobe.com/dc-acrobat-sdk-docs/library/jsapiref/JS_API_AcroJS.html#readfileintostream

Although Adobe Acrobat is built on Adobe’s internal PDF Library (PDFL), it is important to note that this implementation differs from the Datalogics Adobe PDF Library (APDFL). Datalogics APDFL does not include a JavaScript interface, and therefore is not affected by this vulnerability.