CVE-2026-21350
Analyzed Analyzed - Analysis Complete
NULL Pointer Dereference in Adobe After Effects Causes DoS

Publication date: 2026-02-10

Last updated on: 2026-02-11

Assigner: Adobe Systems Incorporated

Description
After Effects versions 25.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-10
Last Modified
2026-02-11
Generated
2026-06-16
AI Q&A
2026-02-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-21350
EUVD
EUVD-2026-7059
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
adobe after_effects to 25.6.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a NULL Pointer Dereference issue affecting Adobe After Effects versions 25.6 and earlier. It occurs when the application attempts to access a null pointer, which can cause the application to crash.

An attacker can exploit this vulnerability by tricking a user into opening a malicious file, which then causes the application to crash, leading to a denial-of-service condition.

Impact Analysis

The primary impact of this vulnerability is a denial-of-service condition where the Adobe After Effects application crashes.

This disruption can affect productivity or availability of services relying on the application, but it does not lead to data compromise since confidentiality and integrity are not affected.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, avoid opening malicious files in After Effects versions 25.6 and earlier.

Consider updating After Effects to a version later than 25.6 once a patch is available.

Since exploitation requires user interaction, educating users to not open suspicious or untrusted files can reduce risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-21350. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart