CVE-2026-27299
Received Received - Intake
Improper Input Validation in Adobe FrameMaker Allows Arbitrary File Read

Publication date: 2026-04-14

Last updated on: 2026-04-15

Assigner: Adobe Systems Incorporated

Description
Adobe Framemaker versions 2022.8 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to access sensitive files or data on the system. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-14
Last Modified
2026-04-15
Generated
2026-06-16
AI Q&A
2026-04-15
EPSS Evaluated
2026-06-15
NVD
CVE-2026-27299
EUVD
EUVD-2026-22794
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
adobe framemaker to 2022.9 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects Adobe Framemaker versions 2022.8 and earlier. It is an Improper Input Validation issue that allows an attacker to read arbitrary files from the file system. To exploit this vulnerability, an attacker needs the victim to open a specially crafted malicious file.

Impact Analysis

If exploited, this vulnerability could allow an attacker to access sensitive files or data on your system without authorization. This could lead to exposure of confidential information, potentially compromising your privacy or security.

Mitigation Strategies

To mitigate this vulnerability, avoid opening files from untrusted or unknown sources in Adobe Framemaker versions 2022.8 and earlier.

Consider updating Adobe Framemaker to a version later than 2022.8 once a patch or fix is available from Adobe.

Since exploitation requires user interaction, educating users about the risks of opening suspicious files can help reduce exposure.

Compliance Impact

This vulnerability allows an attacker to read arbitrary files on the system by exploiting improper input validation, potentially leading to unauthorized access to sensitive data.

Such unauthorized access to sensitive information could impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data against unauthorized access.

However, exploitation requires user interaction, specifically opening a malicious file, which may influence the risk assessment under these standards.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27299. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart