Vulnerability-Lookup

WID-SEC-W-2026-0108

Vulnerability from csaf_certbund - Published: 2026-01-13 23:00 - Updated: 2026-01-14 23:00

Summary

Adobe Creative Cloud: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Adobe Creative Cloud umfasst Anwendungen und Dienste für Video, Design, Fotografie und Web.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Adobe Creative Cloud ausnutzen, um beliebigen Programmcode auszuführen, um einen Denial of Service Angriff durchzuführen, und um Informationen offenzulegen.

Betroffene Betriebssysteme: - Linux - UNIX - Windows

CVE-2026-21275

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Adobe	`cpe:/a:adobe:creative_cloud:-`	—

CVE-2026-21276

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Adobe	`cpe:/a:adobe:creative_cloud:-`	—

CVE-2026-21277

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Adobe	`cpe:/a:adobe:creative_cloud:-`	—

CVE-2026-21278

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Adobe	`cpe:/a:adobe:creative_cloud:-`	—

CVE-2026-21280

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Adobe	`cpe:/a:adobe:creative_cloud:-`	—

CVE-2026-21281

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Adobe	`cpe:/a:adobe:creative_cloud:-`	—

CVE-2026-21283

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Adobe	`cpe:/a:adobe:creative_cloud:-`	—

CVE-2026-21287

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Adobe	`cpe:/a:adobe:creative_cloud:-`	—

CVE-2026-21288

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Adobe	`cpe:/a:adobe:creative_cloud:-`	—

CVE-2026-21298

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Adobe	`cpe:/a:adobe:creative_cloud:-`	—

CVE-2026-21299

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Adobe	`cpe:/a:adobe:creative_cloud:-`	—

CVE-2026-21300

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Adobe	`cpe:/a:adobe:creative_cloud:-`	—

CVE-2026-21301

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Adobe	`cpe:/a:adobe:creative_cloud:-`	—

CVE-2026-21302

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Adobe	`cpe:/a:adobe:creative_cloud:-`	—

CVE-2026-21303

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Adobe	`cpe:/a:adobe:creative_cloud:-`	—

CVE-2026-21304

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Adobe	`cpe:/a:adobe:creative_cloud:-`	—

CVE-2026-21305

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Adobe	`cpe:/a:adobe:creative_cloud:-`	—

CVE-2026-21306

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Adobe	`cpe:/a:adobe:creative_cloud:-`	—

CVE-2026-21308

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Adobe	`cpe:/a:adobe:creative_cloud:-`	—

References

11 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://helpx.adobe.com/security/products/bridge/…	external
https://helpx.adobe.com/security/products/illustr…	external
https://helpx.adobe.com/security/products/incopy/…	external
https://helpx.adobe.com/security/products/indesig…	external
https://helpx.adobe.com/security/products/substan…	external
https://helpx.adobe.com/security/products/substan…	external
https://helpx.adobe.com/security/products/substan…	external
https://helpx.adobe.com/security/products/substan…	external
https://helpx.adobe.com/security/products/substan…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Adobe Creative Cloud umfasst Anwendungen und Dienste f\u00fcr Video, Design, Fotografie und Web.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Adobe Creative Cloud ausnutzen, um beliebigen Programmcode auszuf\u00fchren, um einen Denial of Service Angriff durchzuf\u00fchren, und um Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0108 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0108.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0108 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0108"
      },
      {
        "category": "external",
        "summary": "Adobe Security Bulletin vom 2026-01-13",
        "url": "https://helpx.adobe.com/security/products/bridge/apsb26-07.html"
      },
      {
        "category": "external",
        "summary": "Adobe Security Bulletin vom 2026-01-13",
        "url": "https://helpx.adobe.com/security/products/illustrator/apsb26-03.html"
      },
      {
        "category": "external",
        "summary": "Adobe Security Bulletin vom 2026-01-13",
        "url": "https://helpx.adobe.com/security/products/incopy/apsb26-04.html"
      },
      {
        "category": "external",
        "summary": "Adobe Security Bulletin vom 2026-01-13",
        "url": "https://helpx.adobe.com/security/products/indesign/apsb26-02.html"
      },
      {
        "category": "external",
        "summary": "Adobe Security Bulletin vom 2026-01-13",
        "url": "https://helpx.adobe.com/security/products/substance3d_designer/apsb26-13.html"
      },
      {
        "category": "external",
        "summary": "Adobe Security Bulletin vom 2026-01-13",
        "url": "https://helpx.adobe.com/security/products/substance3d-modeler/apsb26-08.html"
      },
      {
        "category": "external",
        "summary": "Adobe Security Bulletin vom 2026-01-13",
        "url": "https://helpx.adobe.com/security/products/substance3d-sampler/apsb26-11.html"
      },
      {
        "category": "external",
        "summary": "Adobe Security Bulletin vom 2026-01-13",
        "url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb26-10.html"
      },
      {
        "category": "external",
        "summary": "Adobe Security Bulletin vom 2026-01-13",
        "url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb26-09.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Adobe Creative Cloud: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-01-14T23:00:00.000+00:00",
      "generator": {
        "date": "2026-01-15T10:27:35.384+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0108",
      "initial_release_date": "2026-01-13T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-01-13T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-01-14T23:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2026-2043, EUVD-2026-2042"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Adobe Creative Cloud",
            "product": {
              "name": "Adobe Creative Cloud",
              "product_id": "T049951",
              "product_identification_helper": {
                "cpe": "cpe:/a:adobe:creative_cloud:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Adobe"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-21275",
      "product_status": {
        "known_affected": [
          "T049951"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-21275"
    },
    {
      "cve": "CVE-2026-21276",
      "product_status": {
        "known_affected": [
          "T049951"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-21276"
    },
    {
      "cve": "CVE-2026-21277",
      "product_status": {
        "known_affected": [
          "T049951"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-21277"
    },
    {
      "cve": "CVE-2026-21278",
      "product_status": {
        "known_affected": [
          "T049951"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-21278"
    },
    {
      "cve": "CVE-2026-21280",
      "product_status": {
        "known_affected": [
          "T049951"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-21280"
    },
    {
      "cve": "CVE-2026-21281",
      "product_status": {
        "known_affected": [
          "T049951"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-21281"
    },
    {
      "cve": "CVE-2026-21283",
      "product_status": {
        "known_affected": [
          "T049951"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-21283"
    },
    {
      "cve": "CVE-2026-21287",
      "product_status": {
        "known_affected": [
          "T049951"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-21287"
    },
    {
      "cve": "CVE-2026-21288",
      "product_status": {
        "known_affected": [
          "T049951"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-21288"
    },
    {
      "cve": "CVE-2026-21298",
      "product_status": {
        "known_affected": [
          "T049951"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-21298"
    },
    {
      "cve": "CVE-2026-21299",
      "product_status": {
        "known_affected": [
          "T049951"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-21299"
    },
    {
      "cve": "CVE-2026-21300",
      "product_status": {
        "known_affected": [
          "T049951"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-21300"
    },
    {
      "cve": "CVE-2026-21301",
      "product_status": {
        "known_affected": [
          "T049951"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-21301"
    },
    {
      "cve": "CVE-2026-21302",
      "product_status": {
        "known_affected": [
          "T049951"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-21302"
    },
    {
      "cve": "CVE-2026-21303",
      "product_status": {
        "known_affected": [
          "T049951"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-21303"
    },
    {
      "cve": "CVE-2026-21304",
      "product_status": {
        "known_affected": [
          "T049951"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-21304"
    },
    {
      "cve": "CVE-2026-21305",
      "product_status": {
        "known_affected": [
          "T049951"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-21305"
    },
    {
      "cve": "CVE-2026-21306",
      "product_status": {
        "known_affected": [
          "T049951"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-21306"
    },
    {
      "cve": "CVE-2026-21308",
      "product_status": {
        "known_affected": [
          "T049951"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-21308"
    }
  ]
}

CVE-2026-21275 (GCVE-0-2026-21275)

Vulnerability from cvelistv5 – Published: 2026-01-13 18:35 – Updated: 2026-02-26 15:04

Title

InDesign Desktop | Access of Uninitialized Pointer (CWE-824)

Summary

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-824 - Access of Uninitialized Pointer (CWE-824)

Assigner

adobe

References

1 reference

URL	Tags
https://helpx.adobe.com/security/products/indesig…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Adobe	InDesign Desktop	Affected: 0 , ≤ 19.5.5 (semver)

Date Public

2026-01-13 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21275",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-14T04:57:33.576191Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:15.877Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "InDesign Desktop",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "19.5.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-01-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-824",
              "description": "Access of Uninitialized Pointer (CWE-824)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-13T18:35:36.863Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/indesign/apsb26-02.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "InDesign Desktop | Access of Uninitialized Pointer (CWE-824)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2026-21275",
    "datePublished": "2026-01-13T18:35:36.863Z",
    "dateReserved": "2025-12-12T22:01:18.188Z",
    "dateUpdated": "2026-02-26T15:04:15.877Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21276 (GCVE-0-2026-21276)

Vulnerability from cvelistv5 – Published: 2026-01-13 18:35 – Updated: 2026-02-26 15:04

Title

InDesign Desktop | Access of Uninitialized Pointer (CWE-824)

Summary

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-824 - Access of Uninitialized Pointer (CWE-824)

Assigner

adobe

References

1 reference

URL	Tags
https://helpx.adobe.com/security/products/indesig…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Adobe	InDesign Desktop	Affected: 0 , ≤ 19.5.5 (semver)

Date Public

2026-01-13 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21276",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-14T04:57:34.565645Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:16.177Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "InDesign Desktop",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "19.5.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-01-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-824",
              "description": "Access of Uninitialized Pointer (CWE-824)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-13T18:35:35.275Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/indesign/apsb26-02.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "InDesign Desktop | Access of Uninitialized Pointer (CWE-824)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2026-21276",
    "datePublished": "2026-01-13T18:35:35.275Z",
    "dateReserved": "2025-12-12T22:01:18.188Z",
    "dateUpdated": "2026-02-26T15:04:16.177Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21277 (GCVE-0-2026-21277)

Vulnerability from cvelistv5 – Published: 2026-01-13 18:35 – Updated: 2026-02-26 15:04

Title

InDesign Desktop | Heap-based Buffer Overflow (CWE-122)

Summary

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-122 - Heap-based Buffer Overflow (CWE-122)

Assigner

adobe

References

1 reference

URL	Tags
https://helpx.adobe.com/security/products/indesig…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Adobe	InDesign Desktop	Affected: 0 , ≤ 19.5.5 (semver)

Date Public

2026-01-13 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21277",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-14T04:57:35.572139Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:15.298Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "InDesign Desktop",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "19.5.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-01-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow (CWE-122)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-13T18:35:38.439Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/indesign/apsb26-02.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "InDesign Desktop | Heap-based Buffer Overflow (CWE-122)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2026-21277",
    "datePublished": "2026-01-13T18:35:38.439Z",
    "dateReserved": "2025-12-12T22:01:18.188Z",
    "dateUpdated": "2026-02-26T15:04:15.298Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21278 (GCVE-0-2026-21278)

Vulnerability from cvelistv5 – Published: 2026-01-13 18:35 – Updated: 2026-01-13 19:06

Title

InDesign Desktop | Out-of-bounds Read (CWE-125)

Summary

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-125 - Out-of-bounds Read (CWE-125)

Assigner

adobe

References

1 reference

URL	Tags
https://helpx.adobe.com/security/products/indesig…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Adobe	InDesign Desktop	Affected: 0 , ≤ 19.5.5 (semver)

Date Public

2026-01-13 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21278",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T19:05:31.538917Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T19:06:06.133Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "InDesign Desktop",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "19.5.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-01-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 5.5,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 5.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "Out-of-bounds Read (CWE-125)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-13T18:35:36.092Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/indesign/apsb26-02.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "InDesign Desktop | Out-of-bounds Read (CWE-125)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2026-21278",
    "datePublished": "2026-01-13T18:35:36.092Z",
    "dateReserved": "2025-12-12T22:01:18.188Z",
    "dateUpdated": "2026-01-13T19:06:06.133Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21280 (GCVE-0-2026-21280)

Vulnerability from cvelistv5 – Published: 2026-01-13 18:41 – Updated: 2026-02-26 15:04

Title

Illustrator | Untrusted Search Path (CWE-426)

Summary

Illustrator versions 29.8.3, 30.0 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.

Severity

8.6 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-426 - Untrusted Search Path (CWE-426)

Assigner

adobe

References

1 reference

URL	Tags
https://helpx.adobe.com/security/products/illustr…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Adobe	Illustrator	Affected: 0 , ≤ 30.0 (semver)

Date Public

2026-01-13 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21280",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-14T04:57:37.577103Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:14.949Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Illustrator",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "30.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-01-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Illustrator versions 29.8.3, 30.0 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.6,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "CHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 8.6,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "Untrusted Search Path (CWE-426)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-13T18:41:21.310Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/illustrator/apsb26-03.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Illustrator | Untrusted Search Path (CWE-426)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2026-21280",
    "datePublished": "2026-01-13T18:41:21.310Z",
    "dateReserved": "2025-12-12T22:01:18.188Z",
    "dateUpdated": "2026-02-26T15:04:14.949Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21281 (GCVE-0-2026-21281)

Vulnerability from cvelistv5 – Published: 2026-01-13 18:45 – Updated: 2026-02-26 15:04

Title

InCopy | Heap-based Buffer Overflow (CWE-122)

Summary

InCopy versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-122 - Heap-based Buffer Overflow (CWE-122)

Assigner

adobe

References

1 reference

URL	Tags
https://helpx.adobe.com/security/products/incopy/…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Adobe	InCopy	Affected: 0 , ≤ 19.5.5 (semver)

Date Public

2026-01-13 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21281",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-14T04:57:38.563465Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:14.608Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "InCopy",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "19.5.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-01-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "InCopy versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow (CWE-122)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-13T18:45:30.580Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/incopy/apsb26-04.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "InCopy | Heap-based Buffer Overflow (CWE-122)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2026-21281",
    "datePublished": "2026-01-13T18:45:30.580Z",
    "dateReserved": "2025-12-12T22:01:18.188Z",
    "dateUpdated": "2026-02-26T15:04:14.608Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21283 (GCVE-0-2026-21283)

Vulnerability from cvelistv5 – Published: 2026-01-13 18:48 – Updated: 2026-02-26 15:04

Title

Bridge | Heap-based Buffer Overflow (CWE-122)

Summary

Bridge versions 15.1.2, 16.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-122 - Heap-based Buffer Overflow (CWE-122)

Assigner

adobe

References

1 reference

URL	Tags
https://helpx.adobe.com/security/products/bridge/…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Adobe	Bridge	Affected: 0 , ≤ 16.0 (semver)

Date Public

2026-01-13 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21283",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-14T04:57:45.410504Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:14.303Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Bridge",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "16.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-01-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Bridge versions 15.1.2, 16.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow (CWE-122)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-13T18:48:13.904Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/bridge/apsb26-07.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Bridge | Heap-based Buffer Overflow (CWE-122)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2026-21283",
    "datePublished": "2026-01-13T18:48:13.904Z",
    "dateReserved": "2025-12-12T22:01:18.189Z",
    "dateUpdated": "2026-02-26T15:04:14.303Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21287 (GCVE-0-2026-21287)

Vulnerability from cvelistv5 – Published: 2026-01-13 19:44 – Updated: 2026-02-26 15:04

Title

Substance3D - Stager | Use After Free (CWE-416)

Summary

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-416 - Use After Free (CWE-416)

Assigner

adobe

References

1 reference

URL	Tags
https://helpx.adobe.com/security/products/substan…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Adobe	Substance3D - Stager	Affected: 0 , ≤ 3.1.5 (semver)

Date Public

2026-01-13 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21287",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-15T04:56:00.734627Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:13.722Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Substance3D - Stager",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "3.1.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-01-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Use After Free (CWE-416)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-13T19:44:45.957Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb26-09.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Substance3D - Stager | Use After Free (CWE-416)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2026-21287",
    "datePublished": "2026-01-13T19:44:45.957Z",
    "dateReserved": "2025-12-12T22:01:18.190Z",
    "dateUpdated": "2026-02-26T15:04:13.722Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21288 (GCVE-0-2026-21288)

Vulnerability from cvelistv5 – Published: 2026-01-13 18:41 – Updated: 2026-01-13 19:02

Title

Illustrator | NULL Pointer Dereference (CWE-476)

Summary

Illustrator versions 29.8.3, 30.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-476 - NULL Pointer Dereference (CWE-476)

Assigner

adobe

References

1 reference

URL	Tags
https://helpx.adobe.com/security/products/illustr…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Adobe	Illustrator	Affected: 0 , ≤ 30.0 (semver)

Date Public

2026-01-13 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21288",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T19:02:11.646654Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T19:02:39.353Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Illustrator",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "30.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-01-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Illustrator versions 29.8.3, 30.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 5.5,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 5.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "NULL Pointer Dereference (CWE-476)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-13T18:41:20.363Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/illustrator/apsb26-03.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Illustrator | NULL Pointer Dereference (CWE-476)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2026-21288",
    "datePublished": "2026-01-13T18:41:20.363Z",
    "dateReserved": "2025-12-12T22:01:18.190Z",
    "dateUpdated": "2026-01-13T19:02:39.353Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21298 (GCVE-0-2026-21298)

Vulnerability from cvelistv5 – Published: 2026-01-13 20:20 – Updated: 2026-02-26 15:04

Title

Substance3D - Modeler | Out-of-bounds Write (CWE-787)

Summary

Substance3D - Modeler versions 1.22.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-787 - Out-of-bounds Write (CWE-787)

Assigner

adobe

References

1 reference

URL	Tags
https://helpx.adobe.com/security/products/substan…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Adobe	Substance3D - Modeler	Affected: 0 , ≤ 1.22.4 (semver)

Date Public

2026-01-13 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21298",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-14T04:57:52.659081Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:10.758Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Substance3D - Modeler",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "1.22.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-01-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Substance3D - Modeler versions 1.22.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "Out-of-bounds Write (CWE-787)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-13T20:20:19.101Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/substance3d-modeler/apsb26-08.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Substance3D - Modeler | Out-of-bounds Write (CWE-787)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2026-21298",
    "datePublished": "2026-01-13T20:20:19.101Z",
    "dateReserved": "2025-12-12T22:01:18.191Z",
    "dateUpdated": "2026-02-26T15:04:10.758Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-0108

CVE-2026-21275 (GCVE-0-2026-21275)

CVE-2026-21276 (GCVE-0-2026-21276)

CVE-2026-21277 (GCVE-0-2026-21277)

CVE-2026-21278 (GCVE-0-2026-21278)

CVE-2026-21280 (GCVE-0-2026-21280)

CVE-2026-21281 (GCVE-0-2026-21281)

CVE-2026-21283 (GCVE-0-2026-21283)

CVE-2026-21287 (GCVE-0-2026-21287)

CVE-2026-21288 (GCVE-0-2026-21288)

CVE-2026-21298 (GCVE-0-2026-21298)

Tags

Sightings

Nomenclature