Description
After Effects versions 25.6 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-02-10
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information disclosure through an out‑of‑bounds read that may leak memory contents
Action: Patch Now
AI Analysis

Impact

Adobe After Effects versions 25.6 and earlier contain an out‑of‑bounds read flaw that can expose memory contents, potentially revealing sensitive information to an attacker. The vulnerability requires a victim to open a malicious file, after which the read can occur.

Affected Systems

The affected product is Adobe After Effects version 25.6 or earlier on Windows and macOS operating systems.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1% suggests a low likelihood of exploitation in the wild. The flaw is not listed in the CISA KEV catalog, and exploitation requires user interaction—specifically opening a crafted file—making it a moderate but low‑risk threat for users who avoid opening unknown documents.

Generated by OpenCVE AI on April 18, 2026 at 12:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Adobe After Effects to the latest version or any release that includes the fix for this vulnerability.
  • Download the update from Adobe’s official website and verify its integrity.
  • Avoid opening or executing files from untrusted sources, as opening a malicious file is the only required precursor for exploitation.
  • Consider configuring file‑type restrictions or sandboxing to prevent accidental execution of potentially malicious files.

Generated by OpenCVE AI on April 18, 2026 at 12:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 11 Feb 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Microsoft
Microsoft windows
CPEs cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Microsoft
Microsoft windows

Wed, 11 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 10 Feb 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe after Effects
Vendors & Products Adobe
Adobe after Effects

Tue, 10 Feb 2026 18:15:00 +0000

Type Values Removed Values Added
Description After Effects versions 25.6 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title After Effects | Out-of-bounds Read (CWE-125)
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

Subscriptions

Adobe After Effects
Apple Macos
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-02-11T15:17:34.056Z

Reserved: 2025-12-12T22:01:18.193Z

Link: CVE-2026-21319

cve-icon Vulnrichment

Updated: 2026-02-11T15:17:29.955Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-10T18:16:29.330

Modified: 2026-02-11T17:37:48.003

Link: CVE-2026-21319

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T13:00:08Z

Weaknesses