CVE-2026-34621 PoC Identified as Campaign Weaponizer Targeting Brazilian Fintech

CVE-2026-34621 is an Adobe Acrobat prototype pollution vulnerability leading to arbitrary code execution, with a CVSS score of 8.6 and inclusion on CISA’s Known Exploited Vulnerabilities list. The published proof-of-concept (PoC) repository contains a full cross-platform exploitation kit, including environment keying, lure PDF merging, staged payloads, persistence mechanisms for Windows and macOS, and a campaign-tracking JSON ledger. The tool also includes a targets file with 62 pre-authenticated entries tied to Brazilian financial infrastructure. The writeup details the privilege escalation mechanism, scripted URL-launch behavior, and features suggesting its intended use.