Description
Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-02-10
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary code execution
Action: Patch
AI Analysis

Impact

Adobe Bridge versions 15.1.3, 16.0.1 and earlier contain an out-of-bounds write that corrupts memory while parsing a file, giving an attacker the ability to execute arbitrary code in the context of the current user. The vulnerability is a classic memory corruption flaw (CWE-787) that can compromise confidentiality, integrity and availability of the affected system.

Affected Systems

The affected product is Adobe Bridge operating on macOS and Windows. Vulnerable releases are 15.1.3, 16.0.1 and earlier; based on the description, it is inferred that newer Bridge releases are not impacted.

Risk and Exploitability

The CVSS score is 7.8, indicating high severity. The EPSS score is less than 1%, suggesting a low probability of active exploitation, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires a victim to open a malicious file, typically delivered via email attachment, download or other file-transfer mechanisms. Successful exploitation grants the attacker arbitrary code execution as the current user.

Generated by OpenCVE AI on April 18, 2026 at 18:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Adobe Bridge update (17 or later) to apply the out-of-bounds write fix.
  • If an update cannot be applied immediately, block Adobe Bridge from automatically opening unknown or untrusted file types by removing file type associations or disabling preview features in the operating system or within Bridge.
  • Provide user training to verify the legitimacy of files before opening them and encourage the use of email attachment scanning and endpoint protection to prevent delivery of malicious files.

Advisories

No advisories yet.

History

Wed, 11 Feb 2026 17:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Apple; Apple macos; Microsoft; Microsoft windows |
| CPEs | | `cpe:2.3:a:adobe:bridge:*:*:*:*:*:*:*:*`; `cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*`; `cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*` |
| Vendors & Products | | Apple; Apple macos; Microsoft; Microsoft windows |

Tue, 10 Feb 2026 21:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Adobe; Adobe bridge |
| Vendors & Products | | Adobe; Adobe bridge |

Tue, 10 Feb 2026 19:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}` |

Tue, 10 Feb 2026 18:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| Title | | Bridge \| Out-of-bounds Write (CWE-787) |
| Weaknesses | | CWE-787 |
| References | | |
| Metrics | | cvssV3_1: `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}` |

MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-02-26T14:44:30.157Z

Reserved: 2025-12-12T22:01:18.201Z

Link: CVE-2026-21346

Vulnrichment

Updated: 2026-02-10T18:47:41.447Z

NVD

Status: Analyzed

Published: 2026-02-10T19:15:57.657

Modified: 2026-02-11T17:15:14.187

Link: CVE-2026-21346

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T18:15:06Z

Weaknesses