CVE-2026-27297
Integer Underflow in Adobe FrameMaker Allows Code Execution
Publication date: 2026-04-14
Last updated on: 2026-04-15
Assigner: Adobe Systems Incorporated
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| adobe | framemaker | to 2022.9 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-191 | The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid opening untrusted files in Adobe FrameMaker versions 2022.8 and earlier, because exploitation requires a user to open a malicious file.
Consider updating Adobe FrameMaker to a version later than 2022.8 once a patch or update is available from Adobe.
Implement user awareness training to prevent opening suspicious or untrusted files.
Can you explain this vulnerability to me?
This vulnerability is an Integer Underflow (Wrap or Wraparound) issue found in Adobe FrameMaker versions 2022.8 and earlier. It occurs when an integer value is decreased below its minimum value, causing it to wrap around to a very large number. An attacker can exploit this flaw to execute arbitrary code in the context of the current user.
Exploitation requires user interaction, specifically that the victim opens a malicious file crafted to trigger this vulnerability.
How can this vulnerability impact me?
If exploited, this vulnerability can lead to arbitrary code execution with the privileges of the current user. This means an attacker could potentially run malicious code, compromise the affected system, steal data, or perform other unauthorized actions.
Since exploitation requires user interaction (opening a malicious file), the risk depends on user behavior and security awareness.