Security Vulnerability Report
中文
CVE-2026-21276 CVSS 7.8 HIGH

CVE-2026-21276

Published: 2026-01-13 19:16:25
Last Modified: 2026-01-14 19:28:06
Source: [email protected]

Description

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS Details

CVSS Score
7.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* - NOT VULNERABLE
Adobe InDesign Desktop <= 21.0
Adobe InDesign Desktop <= 19.5.5
Adobe InDesign Desktop 19.x 系列所有版本
Adobe InDesign Desktop 18.x 及更早版本

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
/* CVE-2026-21276 PoC - Adobe InDesign Uninitialized Pointer Access Note: This is a conceptual proof-of-concept demonstrating the vulnerability pattern. Actual exploitation requires specific file crafting. DISCLAIMER: This code is for educational and security research purposes only. Unauthorized exploitation of vulnerabilities is illegal. */ #include <stdio.h> #include <stdlib.h> #include <string.h> // Simulated structure representing an uninitialized pointer vulnerability typedef struct { char* uninitialized_ptr; // This would be uninitialized in the vulnerable code int data_length; char* buffer; } VulnerableDocumentStructure; void process_document(const char* malicious_file) { VulnerableDocumentStructure doc; // Vulnerability: uninitialized_ptr is not set before use // In actual InDesign, this would occur during file parsing FILE* file = fopen(malicious_file, "rb"); if (!file) { printf("Error: Cannot open file\n"); return; } // Read file header with malicious data fread(&doc.data_length, sizeof(int), 1, file); doc.buffer = (char*)malloc(doc.data_length); fread(doc.buffer, 1, doc.data_length, file); // Vulnerability trigger: accessing uninitialized pointer // In real exploit, this would lead to arbitrary code execution if (doc.uninitialized_ptr != NULL) { // This branch might execute arbitrary code if pointer is controlled printf("Triggering uninitialized pointer access...\n"); // Potential arbitrary code execution here } fclose(file); free(doc.buffer); } int main(int argc, char* argv[]) { if (argc != 2) { printf("Usage: %s <malicious_indd_file>\n", argv[0]); return 1; } printf("Processing document: %s\n", argv[1]); process_document(argv[1]); return 0; } /* Attack Scenario: 1. Attacker crafts a malicious .indd file with specific byte patterns 2. File contains structures that trigger uninitialized pointer access 3. Victim opens the file in vulnerable InDesign version 4. Exploitation leads to arbitrary code execution 5. Attacker gains control of the system with victim's privileges Mitigation: - Update to Adobe InDesign version 21.1 or later - Apply official patch from Adobe APSB26-02 - Avoid opening files from untrusted sources */

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-21276", "sourceIdentifier": "[email protected]", "published": "2026-01-13T19:16:25.200", "lastModified": "2026-01-14T19:28:06.030", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}, {"lang": "es", "value": "Las versiones 21.0, 19.5.5 y anteriores de InDesign Desktop están afectadas por una vulnerabilidad de Acceso a Puntero No Inicializado que podría resultar en ejecución de código arbitrario en el contexto del usuario actual. La explotación de este problema requiere interacción del usuario, ya que la víctima debe abrir un archivo malicioso."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-824"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", "versionEndExcluding": "20.5.1", "matchCriteriaId": "7BFF153C-8825-407C-AF58-4AC567601D68"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", "versionStartIncluding": "21.0", "versionEndExcluding": "21.1", "matchCriteriaId": "7BF7435F-7314-440A-89A8-8C3D4CCCDD63"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}], "references": [{"url": "https://helpx.adobe.com/security/products/indesign/apsb26-02.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.