CVE-2026-27299
Improper Input Validation in Adobe FrameMaker Allows Arbitrary File Read
Publication date: 2026-04-14
Last updated on: 2026-04-15
Assigner: Adobe Systems Incorporated
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| adobe | framemaker | to 2022.9 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Adobe Framemaker versions 2022.8 and earlier. It is an Improper Input Validation issue that allows an attacker to read arbitrary files from the file system. To exploit this vulnerability, an attacker needs the victim to open a specially crafted malicious file.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker to access sensitive files or data on your system without authorization. This could lead to exposure of confidential information, potentially compromising your privacy or security.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid opening files from untrusted or unknown sources in Adobe Framemaker versions 2022.8 and earlier.
Consider updating Adobe Framemaker to a version later than 2022.8 once a patch or fix is available from Adobe.
Since exploitation requires user interaction, educating users about the risks of opening suspicious files can help reduce exposure.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows an attacker to read arbitrary files on the system by exploiting improper input validation, potentially leading to unauthorized access to sensitive data.
Such unauthorized access to sensitive information could impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data against unauthorized access.
However, exploitation requires user interaction, specifically opening a malicious file, which may influence the risk assessment under these standards.