Description
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
Published: 2026-03-17
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Confidentiality Disclosure via Out-of-Bounds Read
Action: Check for Updates
AI Analysis

Impact

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. An attacker that supplies a specially crafted EMF file can trigger the vulnerability, allowing a read beyond the intended memory bounds which can expose sensitive data. The weakness is identified as CWE-125 (Out-of-Bounds Read) and has a CVSS score of 6.1, indicating a moderate impact on confidentiality.

Affected Systems

The affected product is Canva Affinity, as identified by the CNA and the CPE string cpe:2.3:a:canva:affinity:*:*:*:*:*:windows:*:*. No specific version information is provided in the CNA data, so all released versions of Canva Affinity for Windows may be susceptible until a patch is issued.

Risk and Exploitability

The CVE has an EPSS score of less than 1% and is not listed in the CISA KEV catalog, suggesting a low likelihood of exploitation in the wild. The vulnerability can be triggered by a specially crafted EMF file, implying that the likely attack vector is local or through a user-supplied file. No public exploit code is currently known, but the moderate CVSS score underscores that the privilege to read sensitive data is a significant concern if the vector is leveraged.

Generated by OpenCVE AI on March 19, 2026 at 13:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Canva’s official website or support channels for any available patches or updates for Affinity. If no patch is available, avoid opening or processing any untrusted EMF files. Keep the application and the operating system updated, and consider restricting file associations for EMF files to trusted processes.

Generated by OpenCVE AI on March 19, 2026 at 13:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 19 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:canva:affinity:*:*:*:*:*:windows:*:*

Wed, 18 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:canva:affinity:-:*:*:*:*:windows:*:*

Wed, 18 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 17 Mar 2026 21:30:00 +0000

Type Values Removed Values Added
References

Tue, 17 Mar 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Canva
Canva affinity
CPEs cpe:2.3:a:canva:affinity:-:*:*:*:*:windows:*:*
Vendors & Products Canva
Canva affinity

Tue, 17 Mar 2026 19:00:00 +0000

Type Values Removed Values Added
Description An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L'}

Subscriptions

Canva Affinity
cve-icon MITRE

Status: PUBLISHED

Assigner: talos

Published:

Updated: 2026-03-18T17:00:26.511Z

Reserved: 2026-01-14T15:54:57.953Z

Link: CVE-2026-20726

cve-icon Vulnrichment

Updated: 2026-03-17T20:11:38.448Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-17T19:16:00.430

Modified: 2026-03-19T12:12:59.160

Link: CVE-2026-20726

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:55:03Z

Weaknesses