Description
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-02-10
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary Code Execution
Action: Apply Patch
AI Analysis

Impact

Adobe After Effects versions 25.6 and earlier suffer from a use‑after‑free vulnerability that allows an attacker to execute arbitrary code in the context of the user running the application. The flaw is classified under CWE‑416 and could lead to full compromise of the user’s machine if exploited. The impact is confined to the privileges of the logged‑in user but can be severe if the user has administrative or other elevated rights.

Affected Systems

Adobe After Effects, available for both macOS and Windows platforms. Any installation of After Effects version 25.6 or earlier is affected, regardless of the operating system version or hardware.

Risk and Exploitability

The CVSS score of 7.8 signals a high severity, and the EPSS score of less than 1% indicates the vulnerability is currently under low exploitation probability. Because the vulnerability is only exploitable when a user opens a malicious file, the attack vector is user‑initiated and local, though it can lead to remote code execution within the user’s session if the user executes the file. The vulnerability is not listed in the CISA KEV catalog, meaning no publicly reported exploitation has been confirmed yet. Still, the high CVSS and the nature of the flaw warrant prompt attention.

Generated by OpenCVE AI on April 18, 2026 at 12:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Adobe After Effects to a version newer than 25.6 via the official Adobe update mechanism or by installing the latest Adobe Creative Cloud application
  • Disable automatic opening of files in After Effects preferences to reduce the chance that a malicious file is executed on launch
  • Configure your operating system’s file‑level security or antivirus to block or quarantine .aep files from untrusted sources

Generated by OpenCVE AI on April 18, 2026 at 12:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 11 Feb 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Microsoft
Microsoft windows
CPEs cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Microsoft
Microsoft windows

Tue, 10 Feb 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe after Effects
Vendors & Products Adobe
Adobe after Effects

Tue, 10 Feb 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 10 Feb 2026 18:15:00 +0000

Type Values Removed Values Added
Description After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title After Effects | Use After Free (CWE-416)
Weaknesses CWE-416
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Adobe After Effects
Apple Macos
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-02-26T14:44:34.519Z

Reserved: 2025-12-12T22:01:18.194Z

Link: CVE-2026-21326

cve-icon Vulnrichment

Updated: 2026-02-10T19:33:47.007Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-10T18:16:30.380

Modified: 2026-02-11T17:36:27.173

Link: CVE-2026-21326

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T13:00:08Z

Weaknesses