CVE-2026-27294
Out-of-Bounds Read in Adobe FrameMaker Enables Code Execution
Publication date: 2026-04-14
Last updated on: 2026-04-15
Assigner: Adobe Systems Incorporated
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| adobe | framemaker | to 2022.9 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Adobe Framemaker versions 2022.8 and earlier. It is an out-of-bounds read issue that occurs when the software parses a specially crafted file. This means the program reads data beyond the allocated memory structure, which can lead to unexpected behavior.
An attacker could exploit this vulnerability by tricking a user into opening a malicious file, which could then allow the attacker to execute code with the same privileges as the current user.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to execute arbitrary code on your system with the privileges of the user who opened the malicious file.
- Potential loss of confidentiality, integrity, and availability of data.
- Compromise of the affected system leading to unauthorized actions.
- Possible further exploitation depending on user privileges.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid opening files from untrusted or unknown sources in Adobe Framemaker versions 2022.8 and earlier.
Since exploitation requires user interaction by opening a malicious file, educating users to be cautious with files received via email or other means is important.
Additionally, consider updating Adobe Framemaker to a version later than 2022.8 once a patch is available.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in Adobe Framemaker allows an attacker to execute code in the context of the current user by exploiting an out-of-bounds read when parsing a crafted file. This could potentially lead to unauthorized access or modification of sensitive data.
Such unauthorized access or data compromise could impact compliance with common standards and regulations like GDPR or HIPAA, which require protection of personal and sensitive information. However, the CVE description does not explicitly state the compliance implications.